I appreciate these findings because it challenges Apple and others to improve the security of devices as we move to biometrics. But I highly doubt someone could slap some glasses on my face and I not wake up... moreover if what’s in my phone is this important that you’d make a pair of Face ID cooling glasses. I doubt I’d be around you anyway
Weekend at Bernie’s type crap lol

What if you're dead, or have been roofied?
 
FaceID & TouchID are meant to safeguard kids/friends/colleagues from snooping around your phone. It isn't meant to keep professionals or shady groups of individuals whose jobs are to infiltrate and hack devices. You'd have to be someone fairly important to get that level of attention.
 
CLS727 said:
does touch ID still work if the person is dead? cold fingers, etc

asking for a friend

Clearly you’ve never touched a dead person. They can’t get any colder than ambient temperature.

You mean his friend. :-}
 
You also have to know which of their 10 fingers to use. You only have one face.

Not something that will take more than 2-3 minutes to figure out. Plus, 99% of the people register their index finger and some the thumb.

No, let me unlock my phone with my left ring finger...?
 
If people are worried about housemates getting into their phone using this method, just lock your phone before going to sleep. Hold the power button and either volume button down for a couple seconds, now it’s locked and requires your passcode. You can do this any time you’re worried about someone getting your iPhone for whatever reason.
 
And if you use the finger of someone sleeping or unconscious for a fingerprint that is different how......
 
Lol, with touch ID, thief only need to chop off fingers, now with this face Id discovery, they will need to cut off the entire head to unlock. How convenient...
 
But I highly doubt someone could slap some glasses on my face and I not wake up
Everyone needs to remember that if someone has access to you (even conscious) your phone and an irrationally strong need to see what’s on your phone, the only other thing they REALLY need is, say, a pipe wrench.
 
I used voodoo to turn a person into a zombie, and directed them to send me money ...

*casts spell*

"Send me $20!"

"Uhhh ... yes master ..."

*profit*
I just elevate my privileges instead.
Code:
$sudo sendme $20
$Done.
$
#linuxftw

:D
This is why I use the uncrackable pin, 12345!
Amazing! I have the same combination on my luggage!
 
How is that ironic or funny? If Apple had been announcing the end of the bounty program then it might be both funny and ironic.
It's funny and ironic to me because I find the circumstances of the location and timing of both announcements to be oddly coincidental.
If Apple had been announcing the end of the bounty program then it might be both funny and ironic.
This would be funny to me as well. Doesn't make the other circumstance any less humorous to me.
 
Not really news since it's been known that iris > fingerprint > face biometric scanner.

IMO, it’s actually:
  • FaceID
  • Fingerprint Sensor aka TouchID
  • Fingerprint Under Screen
  • Iris
  • Android Facial Recognition
The last two being very easily fooled with pictures, videos or contact lenses.
 
It's funny and ironic to me because I find the circumstances of the location and timing of both announcements to be oddly coincidental.

Black Hat conferences are EXACTLY the location where security researchers announce exploits they’ve discovered. It’s literally the entire reason for the conference.
 
If people are worried about housemates getting into their phone using this method, just lock your phone before going to sleep. Hold the power button and either volume button down for a couple seconds, now it’s locked and requires your passcode. You can do this any time you’re worried about someone getting your iPhone for whatever reason.

Good tip. I do this every once in a while.
 
That's why I always wear sunglasses when I sleep... Everybody thinks I'm awake and just unengaged with the world. No one can break THAT fortress of security!
I just paint eyes on my eyelids so when I'm sleeping it looks like I'm awake!
 
ok. how is this any less secure than TouchID?

Means even if a user has activated attention aware for FaceID, another individual can simply knock you out, put on a simple non-prescription set of glasses with black and white tape to resemble vague eyes being open and can simply get into an iPhone. Notice that the strips of black tape are not circular and neither are the white squares. Which leads me to believe that attention aware feature functions on contrast of light absorption and light reflection. This additional step of security can be bypassed by a simple hack, quite interesting and funny. :p

The moral of the story is any man-made security can be hacked. Yet people here are still trying to justify if TouchID is more secure compared to FaceID, I wonder why that is because the price of iPhone X onward increased on a perceived more secure technology inclusion compared to the previous option.

FYI, I have an iPhone XS and have no reason to support or neglect the findings of this report. May it be TouchID or FaceID we all just want a cheaper and secure device. ;)
I just paint eyes on my eyelids so when I'm sleeping it looks like I'm awake!

No requirement, I wonder if paper cutout of open eyes may work sans glasses. Defeated by a paper hack. :p
Uhhh... so with TouchID I can gently put a sleeping person’s finger on the phone. That’s probably less of a stretch than getting glasses on them.

I believe the hack may work just as well with just open eye paper cutouts placed over a sleeping person's closed eyes. No glasses required. :p
 
Hackers hack Face ID using face. Wow!

I believe this has to do with the attention aware feature/function that is added as an additional layer of security for FaceID.

I thought people would welcome any hack that Apple or any other company can improve upon, people here sound like this is a personal attack on them, good grief. :rolleyes:

What next iOS/macOS has a security bug, great why are people looking for bugs in the OS, if no one was looking for them then Apple would not have to fix them. Head in the ground type of thinking, just because you do not want to acknowledge a vulnerability does not mean it is not being exploited or can be by others. If you don't like security please provide me your bank and credit card number with PIN and CVV. :p
And not to mention placing the fingers in a bowl of warm water!

But if you do not dry that wet finger then TouchID will not work. :p
 



During the Black Hat USA conference in Las Vegas, researchers demonstrated a Face ID bypass method that used glasses and tape to unlock and infiltrate the iPhone of an "unconscious" victim.

According to a report from Threatpost (via iMore), researchers from Tencent aimed to fool the "liveness" detection feature in biometrics, which is meant to distinguish "real" from "fake" features on people.


Liveness detection, said the researchers, detects background noise and response distortion or focus blur, allowing it to make sure that a face is a real face and not a mask. This liveness detection is used by Face ID, and Apple even has an "Attention Aware" feature that makes sure your iPhone doesn't unlock unless you're looking at it.

To trick Face ID, the researchers created prototype glasses with black tape on the lenses and white tape inside the black tape to emulate the look of an eye. When putting the glasses over a sleeping victim's face, they were able to access his iPhone and send themselves money through a mobile payment app.

This method worked because the researchers found that liveness detection works differently with glasses and essentially doesn't extract 3D information from the eye area when glasses are worn.

An attacker attempting to use this method in the real world would need a victim that's sleeping or unconscious, access to that victim's iPhone, and then glasses would need to be placed over the eyes without waking the person up. It's worth noting that this isn't a situation most people are likely to run into, and there's also no secondary research on this alleged method this time.

To mitigate the eye detection loophole in the future, researchers suggested biometrics manufacturers add identity authentication for native cameras and "increase the weight of video and audio synthesis detection."

Apple has designed Face ID with easy access disabling measures for situations where a person might be coerced or forced into unlocking an iPhone with facial recognition. Pressing on the sleep/wake button of a Face ID-enabled iPhone five times in rapid succession brings up an emergency SOS screen that automatically disables Face ID and requires a passcode to be entered before Face ID works again. Pressing and holding the side/top button and a volume button also works on the iPhone and the iPad Pro.

Article Link: Researchers Demonstrated Method for Bypassing Face ID on an 'Unconscious' Victim's iPhone Using Glasses and Tape

Holdup murder has never been more effective. Why does MacMumors publish and multiply this? Stimulates criminal minds out there. Great job, MR/BlackHat, again you made a better world!

"Low cost,
high success rate,
practical."

In Europe, courts would immediately examine whether this is an "invitation to commit a crime". Such publication or instruction then is illegal and not covered by "free speech".

We may now wait and see when the accounts of the first billionaires killed will be plundered...

Somehow this fits in with the many dark souls here at MacRumors who want to criticize everything and make it ridiculous. Especially things from Apple.
 
Face ID already has such a high failure rate that I just turned off attention detection which made it more accurate. I figured it was pretty easy to get around it if someone really wanted to and I can't think of many situations where this would be a problem for me.
 