Researchers from Tencent presenting at the Black Hat security conference in Las Vegas demonstrated a relatively simple way to break into someone’s iPhone by bypassing the Face ID feature. Apparently, if taped glasses are put on an unconscious person’s face, Apple’s Face ID can be tricked into unlocking the phone. The researchers managed to bypass the Face ID user authentication in just 120 seconds.
The researchers found a flaw in the liveness detection function of the biometric authentication system that Apple uses to unlock an iPhone with Face ID. They discovered that the Face ID liveness process apparently does not pull detailed information from the eye region of the face when the system recognizes that the person is wearing glasses. Instead, it looks for a black area for the eye with a white point for the iris.
The researchers got around this using glasses with black tape on the lenses and smaller pieces of white tape on top of the black tape. They then placed the modified glasses onto a “sleeping” victim. The white tape on the black tape presented the “white point” that Face ID looks for, fooling the system into unlocking the iPhone. They then used the unlocked iPhone to transfer money using mobile payment.
The researchers said during their presentation that the point of the demonstration was to show the shortcomings of the liveness detection feature, a part of the biometric process that distinguishes between “fake” and “real” human characteristics. Usually, if someone is unconscious, Face ID will detect that and fail to open, but this technique apparently tricks this attention-awareness feature. Since the rest of the face matches the iPhone’s biometric record, the phone unlocks.
A big flaw in the technique is that the victim would have to be in such a deep sleep that they don’t wake up when someone tries to put glasses on their face. For those with nefarious purposes, it would probably be easier to access a Touch ID-protected iPhone using the finger of a sleeping victim.