Apple’s Face ID software bypass of various Biometric Facial Recognition applications exposed its vulnerability by researchers of Tencent Security at the prestigious Black Hat USA 2019, says Threat Post. The only catch: victim should be unconscious or ‘frozen.’
Under the event captioned ‘Biometric Authentication Under Threat: Liveness Detection Hacking,’ hackers and researchers break-in software and codes of products and systems for the benefit of the makers to help make them more secure and safe.
iPhone’s Biometric Facial Recognition Bypassed With Glasses and Tape
To prove the flaws in Apple Face ID, all that was needed was a pair of glasses dubbed ‘X-glasses’. A small square white bit covered a larger rectangular black tape portion of the glasses at its center.
By placing the glasses on the face of a victim who is unaware or sleeping, or maybe dead in extreme cases, researchers under specific conditions, were able to access the victim’s phone bypassing the Biometric Facial Recognition system.
Researchers announced: “With the leakage of biometric data and the enhancement of AI fraud ability, liveness detection has become the Achilles’ heel of biometric authentication security as it is to verify if the biometric being captured is an actual measurement from the authorized live person who is present at the time of capture.”
Usually, voice/audio, fingerprint, or victim’s picture is used for bypass and unlock of the victim’s device. But during this demonstration, the focus was on liveness detection that facilitated unlock of the user phone with one glance. Here, and use of victim’s face in an unconscious state to bypass the Apple Face ID feature proved it all wrong.
iPhone & iPad Biometric Facial Recognition System Needs to Add ‘Chinks in their Armour’ For More Security
The demonstration met with success with the researchers saying, “After our research we found weak points in FaceID… it allows users to unlock while wearing glasses… if you are wearing glasses, it won’t extract 3D information from the eye area when it recognizes the glasses.”
But the conditional drawback, in this case, is – ‘unconscious’ victim who must not wake up while actor placing glasses over the victim’s face.
On the solution front, they recommended biometrics manufacturers add identity authentication for native cameras and increase the weight of video and audio synthesis detection.
In this age of Biometrics, Identification systems like Facial or Iris, play a vital role in enabling devices like the iPhone to unlock only by the owner of the device safely.
Apple has been recently granted a patent for Mac Face ID with a smart auto-wake feature.
Even as above such developments take place, Apple will need to enhance these features and fail hackers and attackers who hoodwink the software and codes. They gain unauthorized access and harm interests of the device owners and systems alike.
Have you come across any instance where you felt the security of your iPhones or iPads were vulnerable to ‘unlocking?’ Share your experience, please.