Researchers at the Black Hat security conference this week highlighted an interesting and impractical way to fool Face ID of Apple. Originally presented with the iPhone X, Face ID does an impressive job of allowing only authorized users to access a particular device. Anyway, Face ID is not completely infallible.
In recent years, we have seen some demonstrations that illustrate how Face ID can sometimes be fooled by twins or even siblings who look alike. There have even been stories of researchers using 3D printed plaster masks to fool the software.
Now, regarding the new Face ID solution mentioned above, Tencent researchers showed conference attendees how they were able to access a locked iPhone by placing glasses with black ribbon on the lenses on the face of the owner of an iPhone X presumably unconscious. As a result, Face ID only attempts to analyze the 3D information of a user's face when the user in question does not wear glasses. When a user wears glasses, Face ID is only based on a 2D construction that makes it much easier for people to cheat technology.
The researchers focused specifically on how life detection scans a user's eyes. They discovered that the abstraction of the eye for the detection of life produces a black area (the eye) with a white dot (the iris). And they discovered that if a user wears glasses, the way life detection scans the eyes changes.
"After our investigation, we found weaknesses in FaceID … it allows users to unlock while wearing glasses … if they are wearing glasses, they will not extract 3D information from the eye area when they recognize the glasses."
This is interesting? Of course. And while it provides us with interesting information about the internal functioning of the technology, it does not affect the effectiveness or reliability of Face ID in the least.
If someone leaves you unconscious and equips you with fake glasses is something that can happen to you, I would dare to say that Face ID security is your least concern. In fact, we have already been through this rigmarole with Touch ID. When Apple Presented its fingerprint authentication scheme with the iPhone 5s, some researchers made extraordinarily comical efforts to demonstrate how the function could be overlooked in extreme use cases.
Image source: Apple Inc.