Just need glasses and tape, hackers can face Face ID, but …

In the Black Hat USA in Las Vegas recently, researchers demonstrated the method by Face ID using eyeglasses and a roll of tape to unlock and penetrate the iPhone a victim “is Unconscious “.

According to a report from Threatpost, researchers from Tencent have found a way to deceive the ability to detect “life” in biometric security methods, which are used to distinguish “real” and “characteristics”. fake “on the user’s face.”

According to the researchers, life detection has the ability to recognize noise in the background image, response distortions and focal blurring, allowing it to ensure that it is a real face, not a mask. Face ID uses the ability to detect life and even Apple has enhanced the “Attention Aware” feature to ensure the iPhone will not unlock unless you look at it.

To deceive Face ID, the researchers created a glass prototype with a black tape attached to the glasses and a white tape attached to the center of the black tape to simulate the human eye. When wearing these fake glasses on the face of the sleeping victim, hackers can hack into the iPhone and steal money through mobile payment applications.

This method is possible because the researchers discovered that life-detection features work differently from eyeglasses and basically do not extract 3D information from the eye area when wearing glasses.

The eyeglasses used to fool Face ID on iPhone.

They realized that this feature recognized where the human eye was when it produced a black area (symbolizing the human eye) with a white point in the middle (symbolizing the pupil). And then, they also discovered that if users wear eyeglasses, this feature will detect the human eye by scanning the change of the eyes.

“After our research, we discovered weakness on the Face ID … it allows users to unlock while still wearing glasses … if you are wearing glasses, it will not be able to extract 3D data from the area. eyes when he realizes you are wearing glasses. ”

The attack scenario in this case is that the hacker will need a sleeping or unconscious victim to be able to access the victim’s iPhone, then put the glasses on the victim’s eyes without waking them up. It is worth noting that this is not the situation that people always face and there are no other side studies related to this method in the present.

To mitigate the vulnerability in this eye detection feature, the researchers propose manufacturers of biometric security systems to add the ability to authenticate the camera and “enhance the impact from the video.” and the ability to synthesize sound. ”

Apple has designed the Face ID with the ability to disable intrusion in case the device owner can be forced or forced to unlock the iPhone with face detection. Pressing fast for 5 times to sleep / wake buttons on iPhones with Face ID will display the SOS emergency screen to automatically disable Face ID and require to login with a password before Face ID resumes. Pressing and between the power key and volume button also provides the same effect on iPhone and iPad Pro.

Refer to Mac Rumors