قالب وردپرس درنا توس
Home / Apple / Face ID security defeated with glasses and tape

Face ID security defeated with glasses and tape




Security researchers managed to bypass Face ID's "liveliness" detection on iPhone and iPad Pro with everyday objects, and defeats what is considered the industry's most advanced biometric security system by using little more than a pair of glasses with tape attached to the lenses.

When Apple debuted Face ID during the unveiling of iPhone X in 2017, it was claimed that the technology had a one million chance of being unlocked by a random person, a significant improvement over Touch ID's 1 of 50,000 false positive chance. The high-profile security system has led to attempts by security researchers to combat it, but at the Black Hat conference, Face ID appears to be subject to a relatively simple technique.

Demonstrated on Wednesday, ThreatPost reports Tencent researchers used the "liveliness" detection of Face ID, used to confirm the person they are looking at is real and not a mask or someone wearing wearing prosthetics. By detecting background noise, distortions in response and blur in focus, biometric tools like Face ID can determine if it looks at a real face, not a manufactured version.

Life registration is one of many underlying technologies that make Face ID more efficient and accurate than competing solutions used to secure Android devices.

The discovery of viability also prevents Face ID from being used when the registered owner is asleep, and in theory prevents attackers from simply pointing the TrueDepth camera to the face of an unconscious user. Researchers discovered that Face ID changes the scanning process when a target uses glasses.

"After our research, we found weak points in Face ID and let users unlock while wearing glasses," advised Tencent & # 39; s Zhuo Ma. "If you wear glasses, it will not extract 3D information from the eye area when it recognizes the glasses."

The researchers created the "X-glasses" prototype, namely glasses that are blackened with white tape and then coated with black tape. By placing the glasses on the victim, Face ID could be unlocked and money to be authorized for transfer in a financial app.

While the theory is sound in that it can defeat Face ID, the attack is only very useful against unconscious victims, and requires both physical access and the difficult move of placing glasses on the face without waking them up.

The researchers propose to add extra elements to biometric systems, including identity authentication and changing the weighting of video detection and audio synthesis to better improve the detection systems for vividness.

Tencent is not the first to claim success in defeating Face ID. Immediately after the iPhone X saw the release, a Vietnamese company fooled the security feature with the help of a 3D-printed mask with silicone fitted, makeup and "specially treated" areas. The same company replicated bypass with a $ 200 3D-printed mask that incorporated 2D infrared images.

Face ID can, in distant cases, deceive family members similar to the unit owner.

Recently, a Chinese researcher from Ant Financial was ready to present a simple bypass of the biometric security protocol at a Black Hat conference in January, but canceled at the last minute after his company characterized the conversation as "misleading." [19659016]! function (f, b, e, v, n, t, r)
{If (f.fbq) return; n = f.fbq = function () {n.callMethod?
n.callMethod.apply (n, arguments): n.queue.push (arguments)};
if (! f._fbq) f._fbq = n; n.push = n; n.loaded = 0 ;! n.version = & # 39; 2.0 & # 39 ;;
n.queue = []; t = b.createElement (e); t.async = 0 !;
t.src = v; s = b.getElementsByTagName (s) [0];
s.parentNode.insertBefore (t, s)} {window, document, & # 39; script & # 39 ;,
& # 39; https: //connect.facebook.net/en_US/fbevents.js');
fbq (& # 39; init & # 39 ;, & # 39; 303691330110002 & # 39;);
fbq (& # 39; track & # 39 ;, & # 39; PageView & # 39;);

Source link