You probably don’t need to worry about someone hacking your iphone x’s face id with a mask

Researchers hacked Apple"s FaceID authentication on the iPhone in just two minutes


Security researchers attending the annual Blaông chồng Hat hacker convention in Las Vegas have sầu managed to lớn bypass the iPhone FaceID user authentication in just 120 seconds.

The way they did it may well surprise you, but should it worry you as well?

Black Hat?

Blaông xã Hat is always guaranteed to lớn produce some exciting security headlines, and this year’s convention certainly hasn"t disappointed. Everything from a demonstration of how WhatsApp messages can be intercepted & manipulated khổng lồ Microsoft confirming it had paid hackers $4.4 million (£3.6 million) for example. However, for sheer ingenuity & that "WTF" factor, what the researchers from Tencent did is pretty hard to lớn beat.

Bạn đang xem: You probably don’t need to worry about someone hacking your iphone x’s face id with a mask

What did the researchers do?

The researchers were able to demonstrate that they could bypass the FaceID user authentication and access the iPhone of the victyên in less than 1trăng tròn seconds. To vày so, they needed three things: a pair of spectacles, some tape và, erm, a sleeping or unconscious iPhone user.

The researchers found a flaw in the liveness detection function of the biometric authentication system that is used by Apple for unlocking an iPhone using FaceID. During the session, Threatpost reported, the researchers said that "Liveness detection has become the Achilles’ heel of biometric authentication security as it is to verify if the biometric being captured is an actual measurement from the authorized live person who is present at the time of capture."

This is khổng lồ get around the problem that so many biometric ID systems suffer from with hackers bypassing the authentication with the help of wax hands or 3D-printed heads. It"s clever stuff and will prevent someone from unlocking an iPhone while the owner is asleep, for example.


Score 5% Bachồng In Your Top Spending Category With New Citi Custom Cash Card

Robin Saks Frankel Advisor Staff

Why Your IRS Refund Is Late This Year

Ellen Chang

Except it doesn"t. Assuming you can follow the hacking process demonstrated by Tencent, which is relatively unlikely in most scenarios. Not that the method isn"t unusual và has that wow-factor, but rather it would be a difficult one lớn pull off in the real world. It would be a lot easier lớn access a TouchID-protected iPhone using the finger of a sleeping victlặng.

All these kinds of hacks require physical access to both the device and the unresponsive sầu owner. Somewhat ironically, I don"t think you need to lớn thua thảm too much sleep over this one.

Xem thêm: Đánh Giá Huyền Thoại Tam Quốc, Game Chiến Thuật Thẻ Tướng Trên

How does the FaceID haông xã work?

The researchers discovered that the FaceID liveness process wouldn"t extract full 3D data from the area around the eye if it recognizes the owner is wearing glasses. Instead, it looks for a blaông xã area for the eye with a Trắng point upon it for the iris. So the researchers created a pair of spectacles with Trắng tape covered by blaông chồng tape in the center. A hole in the black tape was allowing the "white point" khổng lồ be visible to FaceID. This is enough to lớn fool FaceID and unloông chồng the iPhone

But it"s also the last time you can use the word "simply" in connection with the haông chồng. Sure, the researchers showed how they placed the "X-glasses" onto a "sleeping" victyên ổn, unlocked the iPhone và managed khổng lồ transfer money using Mobile payment. But you try và vì chưng that in the real world.

It"s not impossible by any means, but it does require a sleeping or unconscious victlặng who happens lớn have an iPhone protected with FaceID và who won"t wake up when you are stuffing a pair of specs onkhổng lồ their face.

Xem thêm: Download Game Angry Birds Go!, Download Game Angry Birds Đua Xe

Updated August 12, 2019: This post was updated with a liên kết to lớn the presentation PDF


Davey is a three-decade veteran technology journadanh mục và has been a contributing editor at PC Pro magazine since the first issue in 1994. A co-founder of the Straight Talking Cyber Clip project, which has been named "Most Educational Content" at the 2021 European Cybersecurity Blogger Awards, Davey also won the 2020 Security Serious "Cyber Writer of the Year" title. A three-time winner of the BT Security Journadanh mục of the Year award (2006, 2008, 2010) I was also fortunate enough khổng lồ be named BT Technology Journacác mục of the Year in 1996 for a forward-looking feature in PC Pro called "Threats to lớn the Internet." In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey if you have a story lớn reveal or retìm kiếm khổng lồ cốt truyện.

Chuyên mục: Tin Tức