Burner Phones Get a Fake Phone Number for Facebook Fast! Need a Fake Phone Number for Facebook Verification? Here’s How To Do It! For more Threatpost breaking news, stories and videos from Black Hat and DEF CON, click here. It was discussed widely at Black Hat USA 2018 as well, with new vulnerabilities in voice authentication being uncovered.īlack Hat USA 2019 has kicked off this week in Las Vegas. In terms of mitigations, researchers suggested that biometrics manufacturers add identity authentication for native cameras and increase the weight of video and audio synthesis detection.īiometrics have been at the center of attention this year as security experts wonder whether the new technology will create increased security or a new threat attack vector. However, it does show the weaknesses behind the security and design of liveness detection and biometrics in general, researchers said. The attack comes with obvious drawbacks – the victim must be unconscious, for one, and can’t wake up when the glasses are placed on their face. ![]() Putting these two factors together, researchers created a prototype of glasses – dubbed “X-glasses” – with black tape on the lenses, and white tape inside the black tape. Using this trick they were then able to unlock a victim’s mobile phone and then transfer his money through mobile payment App by placing the tape-attached glasses above the sleeping victim’s face to bypass the attention detection mechanism of both FaceID and other similar technologies. “After our research we found weak points in FaceID… it allows users to unlock while wearing glasses… if you are wearing glasses, it won’t extract 3D information from the eye area when it recognizes the glasses.” And, they discovered that if a user is wearing glasses, the way that liveness detection scans the eyes changes. They discovered that the abstraction of the eye for liveness detection renders a black area (the eye) with a white point on it (the iris). Researchers specifically honed in on how liveness detection scans a user’s eyes. “It comes with challenges, you don’t want to wake up a sleeping victim, and 3D systems are difficult to forge… you want a low cost solution with a high success rate,” said Ma. “X-Glasses” made by Tencent researchers to bypass FaceID biometrics detection Instead, researchers decided to focus on liveness detection, which allows users to unlock their phone with one glance, hoping to bypass the feature by using an actual victim’s face while they are unconscious. ![]() While previous attacks have focused on generating fake data to bypass biometrics, these types of audio or video attacks consist of various components – including stealing the victims’ device fingerprint, generating fake audio and video, and hardware-level inject – and involve several moving parts, Zhuo Ma, with Tencent Security, said. “With the leakage of biometric data and the enhancement of AI fraud ability, liveness detection has become the Achilles’ heel of biometric authentication security as it is to verify if the biometric being captured is an actual measurement from the authorized live person who is present at the time of capture,” researchers said during the Black Hat USA 2019 session, titled “Biometric Authentication Under Threat: Liveness Detection Hacking.” One such biometrics tool that utilizes liveness detection is FaceID, which is designed and utilized by Apple for the iPhone and iPad Pro. It works by detecting background noise, response distortion or focus blur. To launch the attack, researchers with Tencent tapped into a feature behind biometrics called “liveness” detection, which is part of the biometric authentication process that sifts through “real” versus “fake” features on people. The attack itself is difficult, given the bad actor would need to figure out how to put the glasses on an unconscious victim without waking them up. By merely placing tape carefully over the lenses of a pair glasses and placing them on the victim’s face the researchers demonstrated how they could bypass Apple’s FaceID in a specific scenario. Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim’s FaceID and log into their phone simply by putting a pair of modified glasses on their face. ![]() Doing so requires the victim to be out cold. LAS VEGAS – Vulnerabilities have been uncovered in the authentication process of biometrics technology that could allow bad actors to bypass various facial recognition applications – including Apple’s FaceID.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |