comscore Apple’s Face ID can be easily bypassed using modified glasses
News

Apple’s Face ID can be easily bypassed using modified glasses: Security researchers

Researchers have discovered a flaw in Apple’s Face ID that allows users to bypass security using modified glasses. The process isn’t straightforward, but it works.

  • Published: August 9, 2019 3:53 PM IST
iphone x face id

With the iPhone X, Apple ditched the fingerprint scanner (Touch ID) and replaced it with Face ID. Apple has always billed Face ID to be more secure than Touch ID. And while bypassing the biometric security isn’t easy, it is possible. Security researchers at 2019 Black Hat conference revealed a possible flaw with facial biometrics.

How researchers bypassed Face ID

According to researchers, once can use modified glasses to bypass the biometric security medium. “By merely placing tape carefully over the lenses of a pair of glasses and placing on the victim’s face the researchers demonstrated how they could bypass Apple’s FaceID in a specific scenario. The attack itself is difficult, given the bad actor would need to figure out how to put the glasses on an unconscious victim without waking them up,” a report on Threatpost said.

Researchers took advantage of ‘liveness’ feature of the system. It detects if a person is looking at the device. “They discovered that the abstraction of the eye for liveness detection renders a black area (the eye) with a white point on it (the iris). And, they discovered that if a user is wearing glasses, the way that liveness detection scans the eye changes.”

They then demonstrated the same by creating modified glasses by using white and black tape. In the demo, researchers showed how to bypass security and transfer money using mobile payments. Apple, in a support document explains that Face ID was designed to avoid spoofing by masks and other techniques. To achieve this, it uses neural networks. As an extra layer of security, Apple also has an attention-aware feature.

How companies can tighten the security

While researchers have found a way to bypass facial biometrics, the exploit is very difficult to pull off. In terms of mitigation, researchers suggest manufacturers to add identity authentication for native cameras. They also recommend to increase “the weight of video and audio synthesis detection.”

You Might be Interested

Apple iPhone X

95390

iOS 11
A11 Bionic 64-bit chipset with M11 motion coprocessor
dual 12MP camera f/1.8 and f/2.8 apertures with dual OIS
Apple iPhone XS Max

109900

iOS 12
Apple A12 Bionic hexa-core chipset
12MP + 12MP
Apple iPhone XS

89900

Apple iOS 12
A12 Bionic hexa-core SoC
12MP + 12MP
  • Published Date: August 9, 2019 3:53 PM IST