Researchers Demonstrated Method for Bypassing Face ID on an 'Unconscious' Victim's iPhone Using Glasses and Tape

[konqerror]

Reporting on this "research" is just giving these people the attention they want.

How many people in real life would go into that much trouble to unlock someone else's phone? If I'm a victim and held in captivity, I'd willingly unlock my phone for you so you can drain the $500 I have in my bank account.

You visit a foreign country. They want to perform industrial espionage by unlocking your phone and copying all your work e-mails.

And that's because you don't have a credit card either. The combined credit limits of a business traveler is easily $100,000.

 

[appleguy123]

Article quote:

“An attacker attempting to use this method in the real world would need a victim that's sleeping or unconscious, access to that victim's iPhone, and then glasses would need to be placed over the eyes without waking the person up.”

Yeah, because this is a real easy to bypass the users Face using this method.

Seems like it’s a bigger issue if you’re trying to keep your phone locked away from people that you live with. You could glue up some “frames” on a stick then hold the stick to make the lenses overlap with the eyes and break into a sleeping person’s phone without touching them.

I would wake up if someone touched my hands and moved them. I might not with this bypass. Hope my parents never read this article.
[doublepost=1565303771][/doublepost]

Face ID is still more secure than Touch ID... the work needed to bypass it is way more than just use the fingerprint of someone (you don't even have to touch them, if you align the phone to touch it directly)

You also have to know which of their 10 fingers to use. You only have one face.

 

[now i see it]

FaceID and TouchID are conveniences. If someone is concerned about every possible scenario that might beat it, use a long password instead. Yeah its slower but nobody will crack that (except Cellebrite)

 

[Darmok N Jalad]

This is why I use the uncrackable pin, 12345!

 

[keysofanxiety]

This is why I use the uncrackable pin, 12345!

Temba, his phone open.

 

[_Refurbished_]

If someone is able to do this, they deserve the damn phone.

 

[DotCom2]

Well thanks for letting all the Gangstas know.

 

[thedarkhalf]

1. Get chloroform
2. kidnap victim and use fake glasses to access phone
3. ...
4. Profit

 

[Kevin2055]

That's why I always put on a tiger head mask before sleep.

 

[dannyyankou]

Still more secure than using a photograph to fool certain “other” phones.

 

[ntlman]

BEST. POST. EVER.

 

[ersan191]

Haha this one is a bit of a stretch

 

[lederermc]

Face ID and Touch ID are for people that hate typing in their PIN code. It's a trade off. If you don't like don't use it. Next Question.

 

[69Mustang]

Haha this one is a bit of a stretch

Most ironic part is they did it at Black Hat where Apple was giving an update on their bounty program. Kinda funny when you think about it.

 

[az431]

does touch ID still work if the person is dead? cold fingers, etc

asking for a friend

Clearly you’ve never touched a dead person. They can’t get any colder than ambient temperature.

 

[Heineken]

It does not work with the dead or severed.

Give it a shock using a car battery and warm it up. Works every time. Tested many times.

 

[mi7chy]

Not really news since it's been known that iris > fingerprint > face biometric scanner.

 

[I7guy]

Seems like it’s a bigger issue if you’re trying to keep your phone locked away from people that you live with. You could glue up some “frames” on a stick then hold the stick to make the lenses overlap with the eyes and break into a sleeping person’s phone without touching them.

I would wake up if someone touched my hands and moved them. I might not with this bypass. Hope my parents never read this article.
[doublepost=1565303771][/doublepost]
You also have to know which of their 10 fingers to use. You only have one face.

I would wake up in a NY second if someone got near me. To each their own I guess, but then again Touch ID was hacked with sleeping person also. Security has to be good enough and convenient. Inconvenient security is no security.

 

[Gutwrench]

does touch ID still work if the person is dead? cold fingers, etc asking for a friend

Yep. Police actually did this to a dead perp at a funeral once.

If I’m dead good luck trying to open my Touch ID device like that coppers.
I registered my left nipple.

 

[Westside guy]

Sunglasses? You need to step up your game and get the always awake glasses.

That's amateur hour - I had each of my eyelids tattooed with a realistic image of the underlying eyeball.

 

[az431]

Most ironic part is they did it at Black Hat where Apple was giving an update on their bounty program. Kinda funny when you think about it.

How is that ironic or funny? If Apple had been announcing the end of the bounty program then it might be both funny and ironic.

 

[NickName99]

This is quite a reach. Once they have YOU in their possession, they're going to get into your phone.

 

[trssho]

Why the F would you and others publish this. Calling out bypassing the VICTIMS...... WEIRD!

 

[ocnitsa]

Glad people are figuring out workarounds like this and publicizing them so that tech gets updated and improved.

 

[Westside guy]

This is why I use the uncrackable pin, 12345!

Crap, that's also my luggage combination!