What you need to know
- Researchers have allegedly demonstrated how to bypass Apple's Face ID.
- The method involves an unconscious participant and special glasses.
- The exploit is said to take advantage of the "liveness" feature related to facial biometrics.
Researchers presenting at the 2019 Black Hat conference have revealed a possible flaw with facial biometrics, including Apple's Face ID. The exploit, however, isn't especially easy to pull off.
According to researchers, Face ID can be bypassed using modified glasses. To pull it off, you either need a willing participant or for the user to be unconscious.
Threatpost has the report:
By merely placing tape carefully over the lenses of a pair of glasses and placing on the victim's face the researchers demonstrated how they could bypass Apple's FaceID in a specific scenario. The attack itself is difficult, given the bad actor would need to figure out how to put the glasses on an unconscious victim without waking them up.
To bypass Face ID, researchers took advantage of the system's "liveness" feature, which detects if a person is looking at their device.
Researchers specifically honed in on how liveness detection scans a user's eyes. They discovered that the abstraction of the eye for liveness detection renders a black area (the eye) with a white point on it (the iris). And, they discovered that if a user is wearing glasses, the way that liveness detection scans the eye changes.
When a users is wearing glasses, Face ID doesn't extract 3D information from the eye, the researchers said. So, to bypass the liveness feature, researchers created modified glasses that uses black and white tape. They then demonstrated how to bypass Face ID and transfer money through mobile payments.
In a support document, Apple explains that Face ID was designed to protect against spoofing by masks and other techniques using anti-spoofing neural networks. It also specifically mentions its attention-aware feature as extra security.
Although researchers have seemingly found a way to bypass facial biometrics using modified glasses, there are a number of factors that make the possible exploit difficult to pull off.
We may earn a commission for purchases using our links. Learn more.
On Apple and the FBI regarding privacy, from San Bernardino to Pensacola
We compare two of the most high-profile Apple news stories in recent memory.
Apple and Google accused of using market dominance to cripple competition
Sonos, Tile, Basecamp and PopSockets have all testified to a House antitrust committee, stating that big tech firms like Amazon, Apple and Google used their market dominance and bullying business tactics to crush competition.
Apple signs multi-year Apple TV+ deal with Seinfeld's Julia Louis-Dreyfous
Apple has signed a multi-year deal with Julia Louise-Dreyfus, formerly of Saturday Night Live and Seinfeld.
The perfect fit for smaller spaces, the best 32-inch TVs
Big-screen TVs are the greatest, but a 55-inch probably doesn't make much sense in your bedroom, kitchen, or smaller living room. 32 inches is often the perfect size for these spaces, and these are the best 32-inch TVs you can buy.