The annual Black Hat USA convention, dedicated to digital security, has just led to some interesting findings by security researchers. They managed to bypass Apple's FaceID, often called the most secure and convenient mobile biometric authentication system, in just 2 minutes. Usually the headlines from the event are things like how WhatsApp messages could be manipulated and modified, or how much money Microsoft has paid to ethical hackers for finding security flaws. This time, researchers from Tencent wowed everyone.
How FaceID's "attention detection" works
iPhones have an attention detection feature: the FaceID system checks for "liveness" in order to validate that the person is actively looking at the device. This check was designed to stop attackers from using wax models or 3D-printed dummies of the owner's face to unlock the device, since a static replica does not show the signs of a live, attentive eye.
However, the researchers from Tencent found a "loophole" that lets them trick the system into unlocking the device using the face of the sleeping owner. This would be difficult to pull off in a real-world scenario, but it is worrying that such a workaround exists at all.
What the researchers did
The researchers noticed that the iPhone does not check for 3D data around the eyes if the user is wearing glasses. In that case the system only looks for a "black area of the eye" with a "white point" in it, which is a purely 2D cue.
They used this observation to make a pair of glasses with white tape on the lenses and black tape on top of that in the middle, then made a small hole in the black tape so the white tape shows through and acts as the "white point."
Placing these glasses on a sleeping user let the FaceID system skip its 3D eye check and unlock the phone, even though the user was obviously not attentive. This would be hard to recreate on a sleeping person, who would probably wake up while the glasses were being put on, but it is not hard to imagine it working on someone who has passed out, given how simple the workaround is.
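As an added illustration (this is not code from the original article, from Apple, or from the Tencent researchers), the Python below is a toy model of the design flaw described above: a liveness check that requires depth relief around the eyes but silently drops that requirement when glasses are detected, placed beside a version that fails closed and keeps the depth requirement no matter what. The 5x5 image and depth grids, the thresholds, and the function names are all constructed assumptions made for this example; they are not how FaceID actually represents or evaluates a face.

```python
"""Toy model of the taped-glasses liveness bypass (constructed example).

The detector works on two tiny grids: a grayscale image of the eye region
and a depth map of the same region. Nothing here reflects Apple's real code.
"""

from typing import List

Gray = List[List[int]]      # intensities, 0 = black, 255 = white
Depth = List[List[float]]   # depth values (assumed arbitrary millimetre units)

DARK = 60          # assumption: intensity <= DARK counts as "black"
BRIGHT = 200       # assumption: intensity >= BRIGHT counts as "white"
MIN_RELIEF = 3.0   # assumption: a real eye socket/eyeball shows >= 3 units of depth variation


def has_dark_area_with_white_point(img: Gray) -> bool:
    """The 2D cue the researchers described: a black area containing a white point.

    Modelled as a bright pixel whose eight neighbours are all dark.
    A pinhole in black tape over white tape satisfies this just as well as an iris with a glint.
    """
    height, width = len(img), len(img[0])
    for y in range(1, height - 1):
        for x in range(1, width - 1):
            if img[y][x] < BRIGHT:
                continue
            neighbours = [img[y + dy][x + dx]
                          for dy in (-1, 0, 1) for dx in (-1, 0, 1)
                          if (dy, dx) != (0, 0)]
            if all(v <= DARK for v in neighbours):
                return True
    return False


def has_depth_relief(depth: Depth) -> bool:
    """The 3D cue: a flat surface such as tape has almost no depth variation."""
    values = [v for row in depth for v in row]
    return (max(values) - min(values)) >= MIN_RELIEF


def attention_weak(img: Gray, depth: Depth, glasses_detected: bool) -> bool:
    """Flawed design: once glasses are detected, the depth check is skipped (fails open)."""
    if glasses_detected:
        return has_dark_area_with_white_point(img)
    return has_dark_area_with_white_point(img) and has_depth_relief(depth)


def attention_hardened(img: Gray, depth: Depth, glasses_detected: bool) -> bool:
    """Fail closed: an occlusion flag never lowers the bar, both cues are always required."""
    del glasses_detected  # informational only; it must not change the required evidence
    return has_dark_area_with_white_point(img) and has_depth_relief(depth)


def flat(value, height: int = 5, width: int = 5):
    return [[value] * width for _ in range(height)]


# Constructed sample 1: open eye, no glasses. Dark iris with a bright corneal glint,
# depth rises towards the edges of the region (eyeball curvature / socket), relief = 4.0.
REAL_EYE_IMG = flat(30)
REAL_EYE_IMG[2][2] = 240
REAL_EYE_DEPTH = [[float(10 + abs(x - 2) + abs(y - 2)) for x in range(5)] for y in range(5)]

# Constructed sample 2: the taped glasses over a closed eye. Black tape with a pinhole
# revealing white tape gives the 2D cue, but the tape surface is completely flat.
TAPE_IMG = flat(20)
TAPE_IMG[2][2] = 250
TAPE_DEPTH = flat(10.0)

# Constructed sample 3: closed eye with no glasses. The eyelid is uniform skin tone,
# so there is no dark area and no white point even though the depth relief is real.
CLOSED_IMG = flat(150)
CLOSED_DEPTH = REAL_EYE_DEPTH


def run_scenarios() -> dict:
    """Evaluate both detectors on every constructed sample; returns {name: (weak, hardened)}."""
    scenarios = {
        "awake owner, no glasses": (REAL_EYE_IMG, REAL_EYE_DEPTH, False),
        "sleeping owner, no glasses": (CLOSED_IMG, CLOSED_DEPTH, False),
        "sleeping owner, taped glasses": (TAPE_IMG, TAPE_DEPTH, True),
    }
    return {name: (attention_weak(*args), attention_hardened(*args))
            for name, args in scenarios.items()}


if __name__ == "__main__":
    for name, (weak, hardened) in run_scenarios().items():
        print(f"{name:32s} weak={weak!s:5s} hardened={hardened!s:5s}")
```

The lesson the toy makes concrete is that a sensor reading "I cannot see the eye region" should never be treated as a reason to require less evidence; the hardened variant either gets the 3D data it needs or refuses to unlock.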
Hopefully Apple is working on closing this loophole right now, so that this workaround no longer succeeds.
Cover Image Source: Apple