Biometrics Flaws Uncovered To Bypass Apple FaceID

Thanks for sharing that @Stan-Overwatch!

So the Require Attention for Face ID just shuts off if it detects you are wearing glasses? That seems like something that Apple might like to make as a setting that you can disable, similar to the Require Attention setting, for those who want additional security.

The other scenario I always think about is in the event of arrest. Fingerprint biometrics, the police can force your finger onto to the sensor, but for Face ID they’d need to somehow force you to look at the phone if you have the Require Attention setting on. Now all they have to do is put glasses on you to bypass it.

Very good points, facial recognition, which is becoming widespread internationally will be a disaster if the databases are breached. At this point they may

as well put a QR code on everyone’s forehead. I still don’t understand how apple missed that, but I can envision a day that when you die your family inherits you biometric data.

Looks like Apple is realizing just how many ways there are around biometrics and other security systems. They just upped their maximum bug bounty to $1M:

Good point. You’re essentially only as secure as the mathematical digest of your physical attributes. Underlying biometric technologies will need serious vetting before MFA ever goes away - if it ever does.

“Passwords are dead. Long live passwords.”

Careful of 3d scannners…

Blockquote “Passwords are dead. Long live passwords.”

Till quantum processors comes, then we will need something stronger , maybe our DNA code

Except we all gave it away to ancestry websites.

Yup. If I’m wearing glasses (especially sunglasses), the Face ID shuts off and reverts to the password. So glasses don’t necessarily bypass authorization entirely, is just defaults back to password.