Apple billed Face ID as being far more secure than Touch ID way back in 2017 when it introduced the TrueDepth camera in the iPhone X. The company has reiterated that sentiment more than a few times, even if the biometric security measure has technically been beaten a few times.
However, it isn’t easy to bypass Face ID. While technically possible, it usually takes a lot of different steps and very, very specific parameters to accomplish. But, it can be done. And that’s exactly what looks like happened yet again, thanks to researchers from Tencent. The story was first reported by ThreatPost (via AppleInsider).
The bypass was demonstrated this week, and it involves a pair of glasses and tape. The methodology works by taking advantage of the “liveness” detection element of Face ID. This part of the biometric security measure is meant to confirm that the TrueDepth camera is looking at a real person rather than a mask or applied prosthetics. Liveness detects a variety of elements, like background noise, focus blur, and any distortions in response.
The liveness feature is meant to make Face ID more secure. And, by default and in normal circumstances it does just that. However, it can also be used against Face ID, too, apparently.
After our research we found weak points in Face ID, it allows users to unlock while wearing glasses. If you are wearing glasses, it won’t extract 3D information from the eye area when it recognizes the glasses.
The new glasses used by the Tencent researchers are called “X-glasses”. The main glass is washed out by white tape, and then that is overlaid with black tape. The X-glasses are then placed on a sleeping person. The researchers were able to not only use Face ID to unlock the phone, but transfer money within a financial app for good measure.
As is par for the course, while it’s technically possible to bypass Face ID with this method, it’s pretty extreme. You’d need a pair of glasses with white and black tape applied to blackout the glass and then a sleeping person to put them on.
The researchers suggest that additional elements need to be added to biometric security measures including identity authentication.
So while this is indeed extreme and the majority of iPhone owners won’t have to worry about something like this, if it means that Apple adds even more security measures to the mix that’s a good thing.