Apple's biometric security ID on ID could be misused by using a pair of glasses with tape attached to them, Tencent security researchers have discovered. ThreatPost reports that the method is capable of tricking Face ID into believing someone's eyes are open, which means it can give hackers access to a locked iPhone while the owner is asleep.
However, the reality of the hacker means that it is unlikely to be of much practical use in a real context. A hacker literally has to place a pair of glasses on their target without noticing it, and then hold the phone in front of them. It would be much easier for someone to just force a target to look at their device, as one FBI agent did last year.
Tencent's discovery sheds an interesting light on how Apple's latest biometric security process works, however. The researchers realized that when a subject is wearing glasses, Face ID is only trying to look for 2D rather than 3D information from the eye area. It is then relatively easy to fake this 2D information with a black piece of tape with a white spot on it, which Face ID then mistakes for an open eye as part of the "vividness detection" mechanism. (You can see a photo of these so-called "X-Glasses" in the ThreatPosts report.) Since the rest of the face matches the iPhone & # 39; s biometric plate, the phone unlocks.
This is not the first time security researchers claim to have detected a Face ID vulnerability. Back in 201
By contrast, Apple's previous biometric security method, Touch ID, was hacked within 24 hours of its first sale, and it relies on having only a single high-resolution photograph of a fingerprint left on a surface. The following year, a security researcher showed how they could use these techniques to construct a working model of the German Defense Minister's fingerprints using a high-resolution image of their hand. You can also, of course, just hold a target finger on the phone while sleeping – no glasses required.