Submitted via IRC for AndyTheAbsurd
Security researchers have cracked Apple's FaceID biometric system yet again. But there's an unusual caveat to this trick: to successfully unlock an iPhone, the attackers first need to make sure the victim is out cold.
[...] So why do you need glasses to pull off the attack? Well, it turns out FaceID scans eyes differently when people wear glasses.
"We found weak points in FaceID," the researchers explain. "It allows users to unlock while wearing glasses [...] if you are wearing glasses, it won't extract 3D information from the eye area when it recognizes the glasses." Using this trick, the researchers were able to unlock a victim's phone and even transfer their funds through a mobile payment app.
Source: https://thenextweb.com/plugged/2019/08/09/apple-faceid-iphone-broken-biometric/
Also at ThreatPost
(Score: 2) by takyon on Saturday August 10 2019, @03:39PM (1 child)
At least nobody needs to have their thumb cut off.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Saturday August 10 2019, @11:58PM
True, but what I want to know is, how did they actually test this idea out? Did they approach volunteers and say, "We want to test iPhone's FaceID using you as a test subject, but we need to punch you unconscious to do it"? I can't imagine that there would be all that many takers under those circumstances.