Cybersecurity experts have found a new way to trick Face ID. To do this, they needed to “put to sleep” the owner of the iPhone
12.08.2019 0 Comments
At the Black Hat 2019 conference, security experts from Tencent showed how to trick the Face ID unlock system used on Apple smartphones with ordinary glasses and scotch tape.
The essence of the method is as follows: the researchers glued large black squares with small dots on top of the lenses of standard glasses, after which this installation was put on the “sleeping” (supposedly unconscious) iPhone user and “demonstrated” the result of the front camera of the smartphone. As a result, the device decided that the owner was looking directly at the camera, and quietly unlocked.
As the experts explain, the trick exploits the features of Face ID, which before giving an unlock command, among other things, needs to make sure that it is a live authorized user (and not, say, a doll) in front of him and that he is looking at the camera. The catch is that when the software detects glasses on the user, it examines the eye area very mediocre, without extracting 3D information from it, being content with only a formal definition of the presence of “eyes” in the form of a large spot (iris) and a small dot (pupil).
During the speech, the researchers admitted that in real life it is quite difficult to carry out such an attack: attackers must have physical access to the gadget, and the person who needs to put on glasses must sleep soundly. Nevertheless, vulnerability is a vulnerability and even a minimal one, but it still presents a danger.