Researchers Demonstrated Method for Bypassing Face ID on an 'Unconscious' Victim's iPhone Using Glasses and Tape

During the Black Hat USA conference in Las Vegas, researchers demonstrated a Face ID bypass method that used glasses and tape to unlock and infiltrate the iPhone of an "unconscious" victim.

According to a report from Threatpost (via iMore), researchers from Tencent aimed to fool the "liveness" detection feature in biometrics, which is meant to distinguish "real" from "fake" features on people.


Liveness detection, said the researchers, detects background noise and response distortion or focus blur, allowing it to make sure that a face is a real face and not a mask. This liveness detection is used by Face ID, and Apple even has an "Attention Aware" feature that makes sure your ‌iPhone‌ doesn't unlock unless you're looking at it.

To trick Face ID, the researchers created prototype glasses with black tape on the lenses and white tape inside the black tape to emulate the look of an eye. When putting the glasses over a sleeping victim's face, they were able to access his ‌iPhone‌ and send themselves money through a mobile payment app.

This method worked because the researchers found that liveness detection works differently with glasses and essentially doesn't extract 3D information from the eye area when glasses are worn.

They discovered that the abstraction of the eye for liveness detection renders a black area (the eye) with a white point on it (the iris). And, they discovered that if a user is wearing glasses, the way that liveness detection scans the eyes changes.

"After our research we found weak points in FaceID... it allows users to unlock while wearing glasses... if you are wearing glasses, it won't extract 3D information from the eye area when it recognizes the glasses."

An attacker attempting to use this method in the real world would need a victim that's sleeping or unconscious, access to that victim's ‌iPhone‌, and then glasses would need to be placed over the eyes without waking the person up. It's worth noting that this isn't a situation most people are likely to run into, and there's also no secondary research on this alleged method this time.

To mitigate the eye detection loophole in the future, researchers suggested biometrics manufacturers add identity authentication for native cameras and "increase the weight of video and audio synthesis detection."

Apple has designed Face ID with easy access disabling measures for situations where a person might be coerced or forced into unlocking an ‌iPhone‌ with facial recognition. Pressing on the sleep/wake button of a Face ID-enabled ‌iPhone‌ five times in rapid succession brings up an emergency SOS screen that automatically disables Face ID and requires a passcode to be entered before Face ID works again. Pressing and holding the side/top button and a volume button also works on the ‌iPhone‌ and the iPad Pro.

Tag: Face ID

Top Rated Comments

(View all)
Avatar
12 months ago
And with Touch ID, you just grab a sleeping/unconscious victim's finger and...
Score: 83 Votes (Like | Disagree)
Avatar
12 months ago

That's why I always wear sunglasses when I sleep in public... Everybody thinks I'm awake and just unengaged with the people around me. No one can break THAT fortress of security!

Sunglasses? You need to step up your game and get the always awake glasses. ;)

Score: 38 Votes (Like | Disagree)
Avatar
12 months ago
This is a bit of a reach. I think for Face ID to be fooled by such a ridiculous circumstance just goes to show how hard they’ve tried to ‘break’ it — I highly doubt this was their first attempt or idea for how to circumvent it.

It’s a far cry from a photograph fooling facial recognition.
Score: 34 Votes (Like | Disagree)
Avatar
12 months ago
Article quote:

An attacker attempting to use this method in the real world would need a victim that's sleeping or unconscious, access to that victim's iPhone, and then glasses would need to be placed over the eyes without waking the person up.”

Yeah, because this is a real easy to bypass the users Face using this method. :rolleyes:
Score: 31 Votes (Like | Disagree)
Avatar
12 months ago

When putting the glasses over a sleeping victim's face,

ok. how is this any less secure than TouchID?
Score: 27 Votes (Like | Disagree)
Avatar
12 months ago
I appreciate these findings because it challenges Apple and others to improve the security of devices as we move to biometrics. But I highly doubt someone could slap some glasses on my face and I not wake up... moreover if what’s in my phone is this important that you’d make a pair of Face ID cooling glasses. I doubt I’d be around you anyway
[doublepost=1565302156][/doublepost]Weekend at Bernie’s type crap lol
Score: 25 Votes (Like | Disagree)

Top Stories

Apple Warns Against Closing MacBooks With a Cover Over the Camera

Friday July 10, 2020 11:12 am PDT by
Apple this month published a support document that warns customers against closing their Mac notebooks with a cover over the camera as it can lead to display damage. Image via Reddit Apple says that the clearance between the display and the keyboard is designed to very tight tolerances, which can be problematic. Covering the camera can also cause issues with automatic brightness and True Tone....

Leaker: 'iPhone 12 Pro' to Come With 6GB of RAM

Friday July 10, 2020 1:59 am PDT by
Later this year, Apple is expected to release four OLED iPhones in three display sizes, including 5.4, 6.7, and two 6.1-inch models. Rumors suggest the 6.7-inch iPhone and one 6.1-inch model will be higher-end devices, and now leaker @L0vetodream has corroborated previous rumors about the internal specs of Apple's upcoming lineup. Rumors suggest Apple will use 5-nanometer A14 chips in its...

Apple Moving Forward on Semitransparent Lenses for Upcoming AR Headset

Friday July 10, 2020 7:24 am PDT by
Apple and Foxconn have reached a key milestone in the development of Apple's long-rumored augmented reality headset, with the semitransparent lenses for the device moving from prototype to trial production, reports The Information. Apple is developing the lenses on a single production line at a Foxconn factory in Chengdu in southwestern China, where most of Apple’s iPad production is...

Kuo: Apple Silicon Macs to Include 13-inch MacBook Pro and MacBook Air This Year, 14.1-inch and 16-inch MacBook Pro Models Next Year

Friday July 10, 2020 2:58 am PDT by
At last month's WWDC, Apple officially announced that its Mac computers will be transitioned from Intel x86 to homegrown Apple Silicon chips. Apple said it plans to deliver the first Apple Silicon Mac by the end of the year and complete the transition in about two years. According to Apple analyst Ming-Chi Kuo, a 13.3-inch MacBook Pro with a form factor similar to the current 13.3-inch...

Arm-Intel-PowerPC Universal Binaries Are Possible

Saturday July 11, 2020 1:42 pm PDT by
Casual MacRumors visitors may not realize that we have a very active PowerPC forum where users discuss issues related to PowerPC Macs that have not been produced since 2006. Threads range from hardware upgrades and software options to nostalgia: Photo by AphoticD Apple's recently announced transition to Apple Silicon (Arm) based Macs raised some interesting questions about future support...

iPhone 12 Sizes Compared with iPhone SE, 7, 8, SE 2, X, 11, 11 Pro and 11 Pro Max [Update]

Tuesday July 7, 2020 6:49 pm PDT by
Apple is planning on launching the iPhone 12 this fall which is rumored to be coming in 3 different sizes: 5.4", 6.1" and 6.7". The middle size (6.1") matches up with the currently shipping iPhone 11, but the other two sizes will be entirely new. Over the weekend, there was some excitement about how well the new 5.4" iPhone 12 compares to the original iPhone SE. Those who have been hoping...

Tom Hanks WWII Movie 'Greyhound' Debuts on Apple TV+

Friday July 10, 2020 3:33 am PDT by
Apple TV+ today debuted "Greyhound," the highly anticipated Second World War movie starring Tom Hanks as a naval officer given command of Navy destroyer Greyhound in the Battle of the Atlantic. "Greyhound" features Hanks as George Krause, who must fight his own self doubts and personal demons as he leads a convoy of Allied ships against German U-boats to prove that he belongs in command. ...

Top Stories: iOS 14 Public Beta, iPhone 12 Size Comparison, 14-Inch MacBook Pro Rumors

Saturday July 11, 2020 6:00 am PDT by
After one round of developer beta testing, Apple unleashed iOS and iPadOS 14 to a wider audience this week, opening it up to members of the public beta program. There are lots of changes and new features to check out, but as with any beta, be careful about installing it on your main devices. Subscribe to the MacRumors YouTube channel for more videos. Other major stories this week included our ...

Hands-On With tvOS 14: Picture in Picture, 4K YouTube, HomeKit and More

Thursday July 9, 2020 12:48 pm PDT by
Apple at WWDC introduced a new version of tvOS, the software that's designed to run on the fourth and fifth-generation Apple TV models. tvOS updates are often more minor in scale than iOS, watchOS, and macOS updates, but tvOS 14 has some useful new features. Subscribe to the MacRumors YouTube channel for more videos. Apple in tvOS 13 introduced a Picture in Picture option for the Apple TV...

Apple CEO Tim Cook's 2019 Compensation Totaled Over $133 Million

Friday July 10, 2020 12:01 pm PDT by
Apple CEO Tim Cook was the second highest paid CEO in the United States in 2019, according to Bloomberg's list of the highest paid CEOs and executives in 2019. Cook received compensation totaling $133,727,869 by Bloomberg's count. Almost all of Cook's compensation was provided in the form of stock awards and related performance bonuses. As reported by the SEC earlier this year, Cook received ...