Apple’s Face ID security system has been compromised at a black hat security conference. Using glasses, black and white tape and the iPhone user’s actual face, hackers were able to break into an iPhone in less than 120 seconds.
Face ID is touted as an unbreakable security barrier, and for the most part, it is. The feature uses advanced biometric technology to authenticate users. By projecting and detecting infrared dots on the user’s face, the system creates a 3D face map. It’s a remarkably secure system, that cannot be compromised by a photo. The system isn’t fooled by glasses, facial hair or other accessories. It even checks if the user’s eyes are open, to prevent someone from unlocking a sleeping user’s iPhone.
Given the robust security of Face ID, it’s difficult to imagine how it can be bypassed in less than two minutes. Black hat security experts were able to pull it off, with some difficulty.
Using eye glasses, black tape and white tape, the security experts were able to fool Face ID into recognizing an unconscious user. The black and white tape were attached to eye glasses in such a way that the white tape appeared as opened eyes. With the glasses placed on the iPhone user’s face, they were able to unlock the device.
This vulnerability is difficult to exploit. It requires interfering with the user in a detectable way. Most sleeping people would awaken if someone put eyeglasses on their face. Malicious actors would need to subdue the victim, which is possible, but unlikely.
As usual, Apple has remained silent about this flaw. It’s not clear what they can do to fix this issue. It’s such an extreme edge case, they may ignore it altogether. After all, a violent, malicious actor could simply force you to authenticate with Face ID. If anything, this demonstrates Face ID’s impenetrability.