Heavy sleepers, beware: Researchers bypass Apple FaceID using glasses with tape

By Aaron Mamiit August 11, 2019

Heavy sleepers should probably not leave their iPhones lying around, after a team of security researchers exposed a vulnerability with the FaceID facial recognition system using an ordinary pair of glasses and two colors of tape.

In the session at Black Hat USA 2019 titled Biometric Authentication Under Threat: Liveness Detection Hacking, researchers from Tencent demonstrated how to exploit a specific vulnerability in FaceID.

Liveness detection is part of the biometric authentication process that separates real facial features from the fake ones. Part of the process is determining whether a person is awake with eyes open, or asleep with eyes closed. If the iris and pupil are not detected, then the device will not unlock.

Meanwhile, Apple’s facial recognition system allows iPhone owners to unlock their devices even while they are wearing glasses. However, once FaceID detects glasses, it skips extracting information from the eye area.

Combining these two features, the Tencent researchers figured out a way to bypass FaceID by sticking black tape on the center of each lens, and then white tape in the middle of each black tape. The black tape and white tape represent the iris and pupil, respectively.

Once the glasses are worn by victims, holding up their iPhone to their faces will trick FaceID and unlock the devices, giving the attacker access.

Regular iPhone owners will not have to worry about the FaceID vulnerability, as it will be difficult to put glasses on sleeping people without waking them up. The exploit will be effective when the victim is unconscious though, which will probably raise more alarms than an unlocked iPhone.

The method presented by the Tencent researchers is similar to the adversarial glasses that have baffled facial recognition systems. There have been other ways of fooling the technology such as a baseball cap studded with LEDs and a mash-up of a mask, but the glasses with tape trick appears to be the easiest to pull off so far.

Apple itself was at the Black Hat conference to announce an expanded bug bounty program that will pay $1 million for researchers who can discover a “zero-click full chain kernel execution attack with persistence.”

Editors' Recommendations

Topics

Contributor

Aaron received a NES and a copy of Super Mario Bros. for Christmas when he was 4 years old, and he has been fascinated with…

Mobile

Under-display Face ID on the iPhone 16 Pro raises 3 big questions

The iPhone 14 Pro's Dynamic Island showing the timer and music playing.

The pill-hole cutout was introduced on the iPhone 14 Pro and iPhone 14 Pro Max a few months back, and it seems like Apple already wants to make it smaller. A new report from The Elec claims that the company is planning to introduce an under-display Face ID setup next year. The feature is supposedly in the pipeline for iPhone 16 Pro series, and not the iPhone 15 lineup, which will be launching later this year.

According to the report, Apple is looking to move the components required for ‌Face ID‌ authentication under the ‌iPhone‌'s display in 2024. Theoretically, the TrueDepth sensor for Face ID will not be visible when not in use, which will provide a more intuitive experience when interacting with an iPhone. But the selfie shooter will have a cutout, so you aren’t going to get full-screen seamlessness like the unfolded Galaxy Z Fold 4.

Mobile

Apple users can now use Emergency SOS via satellite on iPhone 14

Person holding iPhone 14 searching for Emergency SOS satellite.

The highly anticipated Emergency SOS went live for iPhone 14 users on Tuesday, November 15. It was highlighted during Apple's Far Out event, which saw the release of iPhones, Apple Watches, and the next-gen AirPods Pro. The feature allows you to send messages using emergency services outside the cellular range. It is currently available to users in the U.S and Canada. Meanwhile, folks in France, Germany, Ireland, and the U.K. will have to wait until next month to get the same.

Recently, Apple said that it had to spend $450 million with U.S companies in order to get Emergency SOS via satellite rolling — with the majority of that money going to Globalstar, a Louisiana-based satellite operator. In an emergency, you can use the service by calling 911. Considering you are not in a cellular service region, a green SOS message button will appear saying “Emergency Text via Satellite.” After pressing the button, you will have to complete a multiple-choice questionnaire.

Mobile

Does the Apple iPad (2022) have Face ID?

The front of the iPad 10th Gen.

The release of the iPad (2022) marks the first time we've seen a unified design across Apple's complete tablet lineup in four years. The 2022 model of the entry-level iPad gains the nearly bezel-free design of its more expensive siblings and also marks the next big step in the ultimate death of Apple's Lightning port by bringing USB-C to the entire iPad family.

While the iPad was known for nearly eight years for its iconic design that featured wide bezels and a front-and-center home button, Apple changed the game when it released a new pair of iPad Pro models in the fall of 2018. Following at least partly in the footsteps of the 2017 iPhone X, the new iPad Pro lineup adopted an edge-to-edge screen design, eliminating the home button and adopting Face ID authentication. Although the bezels shrank dramatically over prior iPad models, the larger size of Apple's tablets allowed the company to leave enough room for the True Depth camera system needed to drive Face ID without resorting to a notched screen.