Researchers Demonstrated Method for Bypassing Face ID on an 'Unconscious' Victim's iPhone Using Glasses and Tape

During the Black Hat USA conference in Las Vegas, researchers demonstrated a Face ID bypass method that used glasses and tape to unlock and infiltrate the iPhone of an "unconscious" victim.

According to a report from Threatpost (via iMore), researchers from Tencent aimed to fool the "liveness" detection feature in biometrics, which is meant to distinguish "real" from "fake" features on people.

faceidbypass
Liveness detection, said the researchers, detects background noise and response distortion or focus blur, allowing it to make sure that a face is a real face and not a mask. This liveness detection is used by ‌Face ID‌, and Apple even has an "Attention Aware" feature that makes sure your ‌iPhone‌ doesn't unlock unless you're looking at it.

To trick ‌Face ID‌, the researchers created prototype glasses with black tape on the lenses and white tape inside the black tape to emulate the look of an eye. When putting the glasses over a sleeping victim's face, they were able to access his ‌iPhone‌ and send themselves money through a mobile payment app.

This method worked because the researchers found that liveness detection works differently with glasses and essentially doesn't extract 3D information from the eye area when glasses are worn.

They discovered that the abstraction of the eye for liveness detection renders a black area (the eye) with a white point on it (the iris). And, they discovered that if a user is wearing glasses, the way that liveness detection scans the eyes changes.

"After our research we found weak points in FaceID... it allows users to unlock while wearing glasses... if you are wearing glasses, it won't extract 3D information from the eye area when it recognizes the glasses."

An attacker attempting to use this method in the real world would need a victim that's sleeping or unconscious, access to that victim's ‌iPhone‌, and then glasses would need to be placed over the eyes without waking the person up. It's worth noting that this isn't a situation most people are likely to run into, and there's also no secondary research on this alleged method this time.

To mitigate the eye detection loophole in the future, researchers suggested biometrics manufacturers add identity authentication for native cameras and "increase the weight of video and audio synthesis detection."

Apple has designed ‌Face ID‌ with easy access disabling measures for situations where a person might be coerced or forced into unlocking an ‌iPhone‌ with facial recognition. Pressing on the sleep/wake button of a Face ID-enabled ‌iPhone‌ five times in rapid succession brings up an emergency SOS screen that automatically disables ‌Face ID‌ and requires a passcode to be entered before ‌Face ID‌ works again. Pressing and holding the side/top button and a volume button also works on the ‌iPhone‌ and the iPad Pro.

Top Rated Comments

Wilson1313 Avatar
37 months ago
And with Touch ID, you just grab a sleeping/unconscious victim's finger and...
Score: 83 Votes (Like | Disagree)
keysofanxiety Avatar
37 months ago
That's why I always wear sunglasses when I sleep in public... Everybody thinks I'm awake and just unengaged with the people around me. No one can break THAT fortress of security!
Sunglasses? You need to step up your game and get the always awake glasses. ;)

Score: 38 Votes (Like | Disagree)
keysofanxiety Avatar
37 months ago
This is a bit of a reach. I think for Face ID to be fooled by such a ridiculous circumstance just goes to show how hard they’ve tried to ‘break’ it — I highly doubt this was their first attempt or idea for how to circumvent it.

It’s a far cry from a photograph fooling facial recognition.
Score: 34 Votes (Like | Disagree)
Relentless Power Avatar
37 months ago
Article quote:

An attacker attempting to use this method in the real world would need a victim that's sleeping or unconscious, access to that victim's iPhone, and then glasses would need to be placed over the eyes without waking the person up.”

Yeah, because this is a real easy to bypass the users Face using this method. :rolleyes:
Score: 31 Votes (Like | Disagree)
farewelwilliams Avatar
37 months ago
When putting the glasses over a sleeping victim's face,
ok. how is this any less secure than TouchID?
Score: 27 Votes (Like | Disagree)
Kardinal1911 Avatar
37 months ago
I appreciate these findings because it challenges Apple and others to improve the security of devices as we move to biometrics. But I highly doubt someone could slap some glasses on my face and I not wake up... moreover if what’s in my phone is this important that you’d make a pair of Face ID cooling glasses. I doubt I’d be around you anyway
[doublepost=1565302156][/doublepost]Weekend at Bernie’s type crap lol
Score: 25 Votes (Like | Disagree)

Popular Stories

iPhone 14 Purple Lineup Feature

Will the iPhone 14 Be a Disappointment?

Saturday May 21, 2022 9:00 am PDT by
With around four months to go before Apple is expected to unveil the iPhone 14 lineup, the overwhelming majority of rumors related to the new devices so far have focused on the iPhone 14 Pro, rather than the standard iPhone 14 – leading to questions about how different the iPhone 14 will actually be from its predecessor, the iPhone 13. The iPhone 14 Pro and iPhone 14 Pro Max are expected...
apple ar headset concept 1

Apple's Headset Said to Feature 14 Cameras Enabling Lifelike Avatars, Jony Ive Has Remained Involved With Design

Friday May 20, 2022 6:50 am PDT by
Earlier this week, The Information's Wayne Ma outlined struggles that Apple has faced during the development of its long-rumored AR/VR headset. Now, in a follow-up report, he has shared several additional details about the wearable device. Apple headset render created by Ian Zelbo based on The Information reporting For starters, one of the headset's marquee features is said to be lifelike...
sony headphones 1

Sony's New WH-1000XM5 Headphones vs. Apple's AirPods Max

Friday May 20, 2022 12:18 pm PDT by
Sony this week came out with an updated version of its popular over-ear noise canceling headphones, so we picked up a pair to compare them to the AirPods Max to see which headphones are better and whether it's worth buying the $400 WH-1000XM5 from Sony over Apple's $549 AirPods Max. Subscribe to the MacRumors YouTube channel for more videos. First of all, the AirPods Max win out when it comes ...
apple music

Apple Increases Apple Music Subscription Price for Students in Several Countries

Sunday May 22, 2022 1:57 am PDT by
Apple has silently increased the price of its Apple Music subscription for college students in several countries, with the company emailing students informing them their subscription would be slightly increasing in price moving forward. The price change is not widespread and, based on MacRumors' findings, will impact Apple Music student subscribers in but not limited to Australia, the...
iPhone 13 Face ID

'High-End' iPhone 14 Front-Facing Camera to Cost Apple Three Times More

Monday May 23, 2022 7:05 am PDT by
The iPhone 14 will feature a more expensive "high-end" front-facing camera with autofocus, partly made in South Korea for the first time, ET News reports. Apple reportedly ousted a Chinese candidate to choose LG Innotek, a South Korean company, to supply the iPhone 14's front-facing camera alongside Japan's Sharp. The company is said to have originally planned to switch to LG for the iPhone...