Apple has touted its Face ID facial scanner as more secure than its Touch ID fingerprint scanner and a reliable way to safeguard your data. But a new hack might give Apple some pause.
At the Black Hat security conference on Thursday (Aug. 8), security researchers showed how they could fool Face ID and open the iPhone by only using glasses and tape.
According to ThreatPost, which earlier reported on the hack, the key to the exploit is Apple's Face ID being unable to use 3D information for eyes when they're covered with glasses. In those cases, Apple can only use 2D information, which makes it easier to exploit.
Moreover, the researchers, which came from Tencent, analyzed how Face ID took data from the person's eyes. They discovered that Face ID was looking for a white area atop a black area in a person's eyes to ensure the person is both looking at the screen and is a real person. If one of those elements is missing, Face ID breaks down, according to the researchers.
So, they set out to take advantage of both the glasses component and the black-and-white component. They first took glasses and placed black tape behind the lenses. Atop the black tape, the researchers placed white tape to approximate the iris on an eye.
Next, they placed the glasses atop the person's face who had created the Face ID account and voila. Apple's Face ID allowed them passage.
While the process might sound rather involved to gain access to an iPhone with a Face ID dupe, it's not so ridiculous to believe someone could try to exploit it. After all, if a person is unconscious and the glasses are placed over their eyes, the attacker could seemingly gain access to their phones and run amok.
It's unclear how, or even if, Apple will respond to the apparent Face ID flaw. It's a decidedly difficult one to reproduce in the moment and might not be all that ubiquitous. But it's an exploit nonetheless.