Apple's Face ID just got hacked in most bizarre way
Apple's Face ID is said to be one of the safest available biometric locks. It makes a critical part of the iPhone, keeping it secure from unauthorized access as well as helping with payment authentication. But, just recently, a group of researchers displayed that even Face ID isn't fully secure. and can be bypassed it with nothing but tape and eyeglasses! Here's how.
Face ID works by creating and matching 3D face map
While regular facial recognition systems can be tricked face masks/photographs, Face ID dodges these techniques by creating 3D face maps. It uses the iPhone's TrueDepth camera system and a neural engine to create a detailed 3D depth map of the owner's face. Then, whenever someone tries to unlock the device, it compares their face with the stored facial model and assigns a similarity score.
If similarity score is high enough, the device unlocks
Apple's algorithms give the similarity score on the basis of certain parameters, including how well the facial features of the scanned face matches with the stored model as well as signs of liveness, like open eyes. If the assigned score is high enough, device unlocks.
Tencent's researchers found a workaround to bypass Face ID
The basic working of Face ID makes it impossible to use a photo or face mask to bypass the screen lock. However, security researchers from Tencent noted that when a person is wearing glasses, Face ID only looks for 2D data around the eyes, not 3D. So, they used this trick and came up with a very bizarre working way to bypass Face ID.
How Face ID was tricked
In order to fake the impression of open eyes in 2D, the researchers made a Face ID-registered subject wear glasses with a black tape attached to them. The tape had a white spot, which misled Face ID's liveness detection into thinking that the subject's eyes were actually open. It unlocked the device quickly, allowing the researchers to use the phone, even make payments.
However, this won't work in real world
While the hack highlights a loophole that can be used by a person to break into your iPhone while you're asleep, it isn't practical enough for actual attacks. Basically, a person would need access to both your iPhone and you to execute this hack. Not to mention, they'd literally have to place the glasses on your face, without you noticing, to make it work.
Forcing a person to unlock is easier than this
As The Verge points out, the technique devised by Tencent researchers is way more complicated and difficult than simply forcing a person to look at the screen their iPhone for unlocking. An FBI agent used it to break into an iPhone last year.
