Apple has been flaunting the security and privacy its 3D face recognition technology Face ID offers over Touch ID for quite some time now. Finally, researchers have managed to bypass the security of Face ID by finding a method to unlock iPhones secured with Face ID without the owner’s permission.
The details of the attack were explained at Black Hat USA 2019, an annual security conference. Researchers were able to get into the victim’s iPhone by using a modified pair of glasses. The glasses have a combination of white and black tape pasted on them, and the researchers call them the “X-glasses”.
All you have to do is place these odd-looking glasses on the victim’s face. I know that is easier said than done, as you can’t possibly convince a person in their right mind to wear this pair of glasses, but the chances are limitless when they are unconscious or drunk. Using X-glasses, the researchers were able to unlock a victim’s iPhone and transfer money from his account, thanks to the Face ID authentication method for payments.
Let’s get to the science behind this attack. The researchers from Tencent discovered a vulnerability in liveness detection, a mechanism used by Face ID to differentiate fake features from real ones. They discovered that Face ID won’t use 3D information from the eye when it recognizes glasses on the face. Instead, it looks for 2D information, which the researchers easily managed to fake with tape simulating a black area with a white point in the center, just like a human eye.
“With the leakage of biometric data and the enhancement of AI fraud ability, liveness detection has become the Achilles’ heel of biometric authentication security as it is to verify if the biometric being captured is an actual measurement from the authorized live person who is present at the time of capture,” said the researchers at the conference.
We will have to wait to see how Apple deals with this security concern affecting its iPhones. Apple is likely to find a solution to this issue soon, especially since the Cupertino giant is concerned about the security of its products.