Glasses and black adhesive tape are all you need to fool Face ID with attention turned on

9. 8. 2019

A vulnerability in Face ID was revealed at the Black Hat security conference. You will need glasses with black adhesive tape to break them.

A specific case concerns Face ID with the required attention function. These will not allow the device to be unlocked with closed or squinted eyes. However, this limitation can obviously be circumvented quite easily.

Experts from Tencent have shown that ordinary glasses and a few pieces of black adhesive tape are enough. They discovered that Face ID cannot correctly scan the face in 3D in places where there are glasses.

At Tencet, they focused on how way Face ID works with biometric data. In particular, they investigated the process that distinguishes true and false attributes on a human face. The feature tries to detect background noise, distortion or blur.

They noticed a very interesting thing about the “Require Attention for Face ID” feature. They found that a black area (eye) with a white dot (lens) is rendered on the background. However, once a person has glasses on their face, the attention detection function works completely differently.

X glasses fool Face ID's attention detection

The experts then thought of taking ordinary glasses and cutting out two rectangles from black adhesive tape. They then cut small squares from the white tape, which were glued in the middle. These "X-glasses" easily confuse the function that watches over a person's eyes. And they managed to unlock the device.

Of course, such an attack is unlikely to be common. On the other hand, it is not completely unrealistic. You still need the victim's physical face, but you can bypass attention detection. So, a scenario is quite possible where the person will be forced to wear "Glasses X" and attackers can easily bypass Face ID protection.

The Black Hat Security Conference continues. Also present are representatives of Apple itself, which announced further support for programs for finding errors. New rewards will be even higher and the program will be extended to macOS in addition to iOS. Apple also plans to give out special devices with an unlocked operating system to security experts so they can attempt even more sophisticated attacks.

Source: 9to5Mac

Topics: face ID, 9to5mac, program, MacOS, iOS, function, Apple Lossless Audio CODEC (ALAC),

Discussion of the article

Lavi

9. 8. 2019 17:58

Okay, so there was no Face ID hack, just an attention tracking hack. You would also make a sensation out of a piece of shit. ?

Your name

Your comment

By filling in the above data, I acknowledge that the company TEXT FACTORY s.r.o., registered office in Brno, Durďákova 336/29, Černá Pole, ZIP code: 613 00, ID number: 06157831, registered at the Regional Court in Brno, section C, insert 100399, will process my personal data provided in the registration form filled out by me on the basis of the legitimate interests of TEXT FACTORY s.r.o. according to Article 6 paragraph 1 letter f) GDPR and to fulfill legal obligations (Article 6, paragraph 1, letter c) GDPR), for the following purposes: the necessity to ensure the authorization of visitors to websites operated by TEXT FACTORY s.r.o. to actively contribute to published articles or within discussion forums and exercising the rights of TEXT FACTORY s.r.o. as the administrator of these discussion forums. More information about the processing of personal data and rights can be found in Lessons on personal data protection. the entire text

It could be interest you

X glasses fool Face ID's attention detection

It could be interest you

Related