Face ID on iPhone can be fooled by glasses and electrical tape (not blue)

At the Black Hat 2019 conference in Las Vegas (Nevada, USA), security experts demonstrated how to easily bypass the Face ID unlock system used on Apple smartphones by exploiting a kind of biometric Achilles' heel.

It turned out that it was not difficult to outwit the Face ID sensors: you just need ordinary glasses with large squares of black electrical tape glued on top of the lenses, and small squares of white electrical tape glued inside the black ones.

The "Achilles' heel" was found in the way Face ID works, writes the publication ThreatPost.

As the experts found out, Attention Detection does not scan the eye area when the user in front of the smartphone is wearing glasses.

The Face ID workaround is shown on this slide:

The large black squares of electrical tape mounted on the lenses imitate the user's eyes, and the small white pieces of electrical tape on top of the black ones serve as pupils.

In this way, Apple's biometric authentication system is misled. To the system, it appears that the device user is conscious and looking directly into the camera.

Of course, in a real situation it is quite difficult to carry out such an attack, as the researchers at the Black Hat 2019 conference acknowledged, since a number of conditions must be met in order to use this vulnerability:

- glasses must be at hand (not sunglasses), along with electrical tape of two colors and scissors;
- there must be physical access to the smartphone;
- the user must be asleep or immobilized and must not notice that they are wearing the glasses.

Thus, the security experts at the Black Hat 2019 conference wanted to show that the growing and widespread use of biometric systems to protect the devices and data of users and organizations will become a new attack vector for attackers, and that the companies and organizations that produce and use such systems must work quickly and proactively to improve and modify them.

Indeed, any revolutionary method of protecting personal data, even close to ideal, can sometimes be circumvented by the simplest things that are at hand.