Security researchers attending the annual Black Hat hacker convention in Las Vegas have managed to bypass the iPhone FaceID user authentication in just 120 seconds.
The way they did it may well surprise you, but should it worry you as well?
Black Hat is always guaranteed to produce some exciting security headlines, and this year's convention certainly hasn't disappointed: everything from a demonstration of how WhatsApp messages can be intercepted and manipulated to Microsoft confirming it had paid hackers $4.4 million (£3.6 million) in bounties. However, for sheer ingenuity and that "WTF" factor, what the researchers from Tencent did is pretty hard to beat.
What did the researchers do?
The researchers were able to demonstrate that they could bypass the FaceID user authentication and access the iPhone of the victim in less than 120 seconds. To do so, they needed three things: a pair of spectacles, some tape and, erm, a sleeping or unconscious iPhone user.
The researchers found a flaw in the liveness detection function of the biometric authentication system that is used by Apple for unlocking an iPhone using FaceID. During the session, Threatpost reported, the researchers said that "Liveness detection has become the Achilles' heel of biometric authentication security as it is to verify if the biometric being captured is an actual measurement from the authorized live person who is present at the time of capture."
Liveness detection exists to get around a problem that so many biometric ID systems suffer from: hackers bypassing the authentication with the help of wax hands or 3D-printed heads. It's clever stuff and will prevent someone from unlocking an iPhone while the owner is asleep, for example.
Except it doesn't, assuming you can follow the hacking process demonstrated by Tencent, which is relatively unlikely in most scenarios. It's not that the method isn't unusual or lacks that wow-factor; rather, it would be a difficult one to pull off in the real world. It would be a lot easier to access a TouchID-protected iPhone using the finger of a sleeping victim.
All these kinds of hacks require physical access to both the device and the unresponsive owner. Somewhat ironically, I don’t think you need to lose too much sleep over this one.
How does the FaceID hack work?
The researchers discovered that the FaceID liveness process wouldn't extract full 3D data from the area around the eye if it recognizes that the owner is wearing glasses. Instead, it looks for a black area for the eye with a white point upon it for the iris. So the researchers created a pair of spectacles with white tape covered by black tape in the center, and a hole in the black tape let the "white point" remain visible to FaceID. Simply put, this is enough to fool FaceID and unlock the iPhone.
But it’s also the last time you can use the word “simply” in connection with the hack. Sure, the researchers showed how they placed the “X-glasses” onto a “sleeping” victim, unlocked the iPhone and managed to transfer money using mobile payment. But you try and do that in the real world.
It’s not impossible by any means, but it does require a sleeping or unconscious victim who happens to have an iPhone protected with FaceID and who won’t wake up when you are stuffing a pair of specs onto their face.