Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Researchers Demonstrated Method for Bypassing Face ID on an 'Unconscious' Victim's iPhone Using Glasses and Tape
- Thread starter MacRumors
- Start date
- Sort by reaction score
I think you're all looking at this the wrong way. I really don't think this application will be used by criminals for access but for people in custody, handcuffed, and pinned to a wall or some other tactic. Police are already trained not to look at the phone so their face won't inadvertently disable Face ID. So even criminals closing their eyes can then provide access. I believe it's fast enough to work no matter how much they fidget.
On any iPhone, checking a possible passcode takes 80 milliseconds. With no way getting around that unless you want to beat 256 bit encryption, with a different key for every single file on the device, because the processor in your iPhone is needed for decryption. So checking more than about a million passcodes per day is impossible.
Pressing on the sleep/wake button of a Face ID-enabled iPhone five times in rapid succession brings up an emergency SOS screen that automatically disables Face ID and requires a passcode to be entered before Face ID works again
You may also want to mention that pressing the sleep/wake button five times in rapid succession also sounds an alarm and automatically dials 911, just in case you want to try it out at home...
You may also want to mention that pressing the sleep/wake button five times in rapid succession also sounds an alarm and automatically dials 911, just in case you want to try it out at home...
Biometrics was a way to collect fingerprint and faces of the population. You already gave them your DNA and the data on your hard drives (cloud backup). And they have your innermost thoughts on social media and in the "comments" section. Now the government literally has EVERYTHING on you. Next...a "cattle" chip installed under the skin. And yet the mouse pushers here just say "sir may I have another".
Except Touch ID is far easier to access in a situation like this
Ya stupid me only created in Touch ID fingerprint using my right index finger and sure enough I severed it using the chop saw building my deck. I tried in vain, grabbing my severed finger and slapping its bloodiness on the damn phone to no avail. All while my stump spurred blood.
People, be sure to create two Touch ID prints on separate hands. Ya just never know
Still highly unlikely. Even so just password protect any app that’s a security risk
Means even if a user has activated attention aware for FaceID, another individual can simply knock you out, put on a simple non-prescription set of glasses with black and white tape to resemble vague eyes being open and can simply get into an iPhone. Notice that the strips of black tape is not circular and neither is the white squares. Which leads me to believe that attention aware feature functions on contrast of light absorption and light reflection. This additional step of security can be by-passed by a simple hack, quite interesting and funny.
The moral of the story is any man-made security can be hacked. Yet people here are still trying to justify if TouchID is more secure compared to FaceID, I wonder why that is because the price of iPhone X onward increased on a perceived more secure technology inclusion compared to the previous option.
FYI, I have an iPhone XS and have no reason to support or neglect the findings of this report. May it be TouchID or FaceID we all just want a cheaper and secure device.
[doublepost=1565318611][/doublepost]
No requirement, I wonder if paper cutout of open eyes may work sans glasses. Defeated by a paper hack.
[doublepost=1565318729][/doublepost]
I believe the hack may work just as well with just open eye paper cutouts placed over a sleeping persons closed eyes. No glasses required.
But Face ID is more secure than touch. Firstly touch doesn’t require a sleeping human for starters
Article quote:
“An attacker attempting to use this method in the real world would need a victim that's sleeping or unconscious, access to that victim's iPhone, and then glasses would need to be placed over the eyes without waking the person up.”
Yeah, because this is a real easy to bypass the users Face using this method.
To be fair, you don’t even need to touch the victim. You can take the sides off the glasses and just hold the lens portion over their face. That is, assuming they sleep on their back.
Why not just make a plaster cast of their head whilst they're sleeping and put the glasses on that?
Like the above scenario, it's interesting FaceID can be fooled in this way but it's a long way from practical.
Like the above scenario, it's interesting FaceID can be fooled in this way but it's a long way from practical.
So you're planning for the scenario that someone intends to steal your information but they're also only prepared to go as far as printing off a photo to do so?
Very niche market.
Never seen anyone claiming that. Plenty of people are desperately trying to claim that FaceID's marginally increased security (and massively increased cost) has some practical benefit though.
This is interesting. They have legitimately exploited a weakness in Apple's implementation of FaceID and demonstrated that it works. As others have mentioned, it is not easy to deploy exactly as presented, although it does prove the concept of using glasses as an avenue of attack, so this is a useful academic exercise. Others may think of more practical deployment solutions.
There are potentially ways Apple could improve their hardware/software to mitigate this. Ultimately, the point of presenting this at a black-hat conference is to inform everybody (end users, other researchers, Apple, and other manufacturers exploring similar technologies) about the weakness.
The increased security of Face ID over Touch ID is only marginal if one considers 4x marginal. And then there’s the convenience factor of not touching the screen...