Apple's Face ID can be fooled by an altered pair of glasses, but there's a weird catch
Skeptical about the security of Apple's Face ID? This news won't help.
As Threatpost reports, researchers from Chinese tech giant Tencent showed at the Black Hat USA conference on Wednesday how they used a pair of glasses with tape placed on the lenses to fool facial recognition software, including Face ID. The catch: the victim has to be unconscious for the hack to work.
The newly discovered vulnerability exploits the “liveness” detection aspect of biometrics authentication, which helps determine what's "real" and "fake" when reading a face, according to Threatpost. By putting a small piece of black tape with an even smaller piece of white tape on each lens, the glasses are able to fool the liveness detection.
This Tweet is currently unavailable. It might be loading or has been removed.
Threatpost elaborates:
Researchers specifically honed in on how liveness detection scans a user’s eyes. They discovered that the abstraction of the eye for liveness detection renders a black area (the eye) with a white point on it (the iris). And, they discovered that if a user is wearing glasses, the way that liveness detection scans the eyes changes.
“After our research we found weak points in FaceID… it allows users to unlock while wearing glasses… if you are wearing glasses, it won’t extract 3D information from the eye area when it recognizes the glasses.”
Granted, that's a very specific set of circumstances that sounds like something out of a spy film, but it's not a totally outlandish scenario. And now that this loophole has been uncovered, it's also not crazy to think someone will come up with a much easier way to exploit it.
This is hardly the first time Face ID has been fooled; people have been getting around it almost since it rolled out.
Admittedly, most of those scenarios -- like an evil twin! -- sound as unlikely as altered glasses on your unconscious face. You're probably pretty safe using Face ID in your day-to-day life.
But each vulnerability feeds into the general unease surrounding the technology. Luckily, you can still choose to use passcodes instead.
Topics Apple Cybersecurity
Marcus Gilmer is Mashable's Assistant Real-Times News Editor on the West Coast, reporting on breaking news from his location in San Francisco. An Alabama native, Marcus earned his BA from Birmingham-Southern College and his MFA in Communications from the University of New Orleans. Marcus has previously worked for Chicagoist, The A.V. Club, the Chicago Sun-Times and the San Francisco Chronicle.
