Skip to main content

Heavy sleepers, beware: Researchers bypass Apple FaceID using glasses with tape

Heavy sleepers should probably not leave their iPhones lying around, after a team of security researchers exposed a vulnerability with the FaceID facial recognition system using an ordinary pair of glasses and two colors of tape.

In the session at Black Hat USA 2019 titled Biometric Authentication Under Threat: Liveness Detection Hacking, researchers from Tencent demonstrated how to exploit a specific vulnerability in FaceID.

Liveness detection is part of the biometric authentication process that separates real facial features from the fake ones. Part of the process is determining whether a person is awake with eyes open, or asleep with eyes closed. If the iris and pupil are not detected, then the device will not unlock.

Meanwhile, Apple’s facial recognition system allows iPhone owners to unlock their devices even while they are wearing glasses. However, once FaceID detects glasses, it skips extracting information from the eye area.

Combining these two features, the Tencent researchers figured out a way to bypass FaceID by sticking black tape on the center of each lens, and then white tape in the middle of each black tape. The black tape and white tape represent the iris and pupil, respectively.

Once the glasses are worn by victims, holding up their iPhone to their faces will trick FaceID and unlock the devices, giving the attacker access.

Regular iPhone owners will not have to worry about the FaceID vulnerability, as it will be difficult to put glasses on sleeping people without waking them up. The exploit will be effective when the victim is unconscious though, which will probably raise more alarms than an unlocked iPhone.

The method presented by the Tencent researchers is similar to the adversarial glasses that have baffled facial recognition systems. There have been other ways of fooling the technology such as a baseball cap studded with LEDs and a mash-up of a mask, but the glasses with tape trick appears to be the easiest to pull off so far.

Apple itself was at the Black Hat conference to announce an expanded bug bounty program that will pay $1 million for researchers who can discover a “zero-click full chain kernel execution attack with persistence.”

Aaron Mamiit
Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…
This hidden Apple Watch feature is better than I could have imagined
FaceTime call alert.

Apple Watch getting FaceTime caller notification Nadeem Sarwar / Digital Trends

A few days ago, I bravely admitted to my colleagues that I rely on an Android tablet for my daily work. “Nadeem, has anyone told you about PCs,” one of my editors replied. “Good god, man, who hurt you?” remarked another senior editor. They’re not wrong, while I remain as shameless as ever in my experimental preference for work machines.

Read more
Apple may face ‘severe’ iPhone 15 shortage over production issue, report says
The Apple logo on the iPhone 14 Pro Max.

Hoping to get your hands on an iPhone 15 Pro or iPhone 15 Pro Max when the new phones come out in the fall? Well, you may be in for a wait.

Apple is experiencing production issues caused by a new manufacturing process designed to significantly reduce the size of the bezel around the display, according to a report from The Information on Thursday.

Read more
No, you can’t use an Apple gift card on Apple Pay
Photo of Apple gift cards.

A viral TikTok has made the internet rounds, showing a person who thought that they could transfer Apple gift card funds to Apple Pay. After buying a $300 Apple gift card, however, they quickly learned that that's simply not possible. While their choice might seem misguided in hindsight, there are plenty of people who have been left confused about the differences between Apple gift cards and Apple Pay.

While having a $300 Apple gift card certainly has its uses — such as buying 10 years of Apple Music, as the original poster jokingly pointed out — it's certainly not the same as having that same money to spend freely with Apple Pay. To avoid making the same mistake as this TikTok user, make sure that you understand the distinctions between the two Apple services, as it might just save you $300 (or more).
You cannot add Apple gift cards to Apple Pay

Read more