Researchers Hack FaceID with Regular Glasses and an Unconscious Victim

Researchers from Tencent demonstrated how they could hack FaceID using regular glasses and a victim who is passed out.


Researchers discovered a way for hackers to get past facial recognition tools including FaceID, but most people won't have to worry about it, since the victims have to be passed out in order for hackers to pull it off.

During Black Hat USA 2019, the annual information security event that was held in Las Vegas last week, Threatpost reported that researchers from Tencent, the Chinese internet company, showed off how they were able to get past FaceID and into a user's phone by placing on the victim's face a pair of glasses that had tape covering the lenses. The catch: the victim has to be unconscious, and the hacker can't wake them up while perpetrating the crime.


Tencent researchers targeted the liveness feature of biometrics

The Tencent researchers were able to access the part of the biometric authentication process that identifies real and fake features of the users. Apple's FaceID uses the feature called liveness. That feature enables people to glance at their phone to unlock it.


Researchers decided to see if they could get around it by using the victim's face while he or she is unconscious. They focused on how the technology detects the eyes of a user and determined that if a user has glasses, the liveness detection scans the eye differently. The researchers said that when a user is wearing glasses, FaceID can't access 3D information from the eye. Armed with that knowledge, they developed glasses that have black tape over the lenses and white tape inside the black tape. When the eyeglasses were placed on the passed-out victim, they were able to get into the phone and transfer money.


“With the leakage of biometric data and the enhancement of AI fraud ability, liveness detection has become the Achilles’ heel of biometric authentication security as it is to verify if the biometric being captured is an actual measurement from the authorized live person who is present at the time of capture,” researchers said during the Black Hat USA session, according to the report. 


This isn't the first time facial recognition systems were hacked

This isn't the first time researchers were able to infiltrate facial recognition systems. In late 2018 Forbes staff writer Thomas Brewster spent about $300 to have a copy of his head printed in 3D. Armed with the 3D head, he was able to trick the facial recognition system.  He tested it on four Android phones and one iPhone X. Apple's iPhone X wasn't penetrable.  
