Saturday, April 20, 2024
News

Heavy sleepers, beware: Researchers bypass Apple FaceID using glasses with tape

By Digitaltrends
Heavy sleepers, beware: Researchers bypass Apple FaceID using glasses with tape

Share

Heavy sleepers should probably not leave their iPhones lying around, after a team of security researchers exposed a vulnerability with the FaceID facial recognition system using an ordinary pair of glasses and two colors of tape.

In the session at Black Hat USA 2019 titled Biometric Authentication Under Threat: Liveness Detection Hacking, researchers from Tencent demonstrated how to exploit a specific vulnerability in FaceID.

Liveness detection is part of the biometric authentication process that separates real facial features from the fake ones. Part of the process is determining whether a person is awake with eyes open, or asleep with eyes closed. If the iris and pupil are not detected, then the device will not unlock.

Meanwhile, Apple’s facial recognition system allows iPhone owners to unlock their devices even while they are wearing glasses. However, once FaceID detects glasses, it skips extracting information from the eye area.

Combining these two features, the Tencent researchers figured out a way to bypass FaceID by sticking black tape on the center of each lens, and then white tape in the middle of each black tape. The black tape and white tape represent the iris and pupil, respectively.

Once the glasses are worn by victims, holding up their iPhone to their faces will trick FaceID and unlock the devices, giving the attacker access.

Regular iPhone owners will not have to worry about the FaceID vulnerability, as it will be difficult to put glasses on sleeping people without waking them up. The exploit will be effective when the victim is unconscious though, which will probably raise more alarms than an unlocked iPhone.

The method presented by the Tencent researchers is similar to the adversarial glasses that have baffled facial recognition systems. There have been other ways of fooling the technology such as a baseball cap studded with LEDs and a mash-up of a mask, but the glasses with tape trick appears to be the easiest to pull off so far.

Apple itself was at the Black Hat conference to announce an expanded bug bounty program that will pay $1 million for researchers who can discover a “zero-click full chain kernel execution attack with persistence.”

Editors’ Recommendations

  • iOS 13: Everything you need to know about the new software

  • U.S. Navy is working on making its fleet invisible to computerized surveillance

  • Android vs. iOS: Which smartphone platform is the best?

  • Android Q: Everything we know so far about Google’s next mobile OS

  • What is Apple CarPlay?






Read more

More News

The AIVAnet is a collector and classifier of app news articles and online technology news, which works automatically by collecting and collating the RSS feeds from popular sites (IOS news feed,latest tablet news, etc.).
The articles deal with mobile app reviews, especially with android reviews, and IOS. One of the central thematic axes is also the comparisons. You can find articles with tablet reviews, comparisons and mobile OS systems or mobile OS stats.
We also provide some of the most popular app news express, for android and IOS or windows phone. The online technology news that you can find in our pages are just opinions and ideology, allowing you to see how different news agencies present the same news.

AIVAnet is supported by Cloud Services Store

Company

© AIVAnet