Apple billed Face ID to be far more secure than Touch ID all the way back in 2017 when it introduced the TrueDepth camera in the iPhone X. The company has repeated this view more than a few times, although the biometric security measure has technically been dropped sometimes.
However, it is not easy to bypass Face ID. While technically feasible, it usually takes many different steps and very, very specific parameters to achieve. But it can be done. And that's exactly what looks like it happened again, thanks to researchers from Tencent. The story was first reported by ThreatPost (via AppleInsider ).
The detour was demonstrated this week and involves a pair of glasses and tape. The methodology works by taking advantage of the "liveliness" detection element in Face ID. This part of the biometric security measure is intended to confirm that the TrueDepth camera is looking at a real person instead of a mask or prosthetic. Liveness detects a number of elements, such as background noise, focus blur, and any distortions in response.
The Lifecycle feature is intended to make Face ID more secure. And by default and under normal circumstances it does just that. However, it can also be used against Face ID, apparently.
After our research, we found weak points in Face ID so that users can unlock while wearing glasses. If you wear glasses, it will not extract 3D information from the eye area when it recognizes the glasses.
The new glasses used by Tencent scientists are called "X glasses". The main glass is washed out with white tape, and then it is applied to black tape. The X-glasses are then placed on a sleeping person . The researchers not only managed to use Face ID to unlock the phone, but transferred money to a financial app for good measure.
As there are pairs for the course, while it is technically possible to bypass Face ID with this method, it is quite extreme. You will need a pair of glasses with white and black tape applied to darken the glass and then a sleeping person to put them on.
The researchers suggest that additional elements must be added to biometric security measures including identity verification.
So while this is actually extreme and the majority of iPhone owners don't have to worry about something like this, if that means Apple is adding even more security measures to the mix which is a good thing.