All you need are a pair of glasses, black tape and a sleeping victim.
From Davey Widner’s “Apple’s iPhone FaceID Hacked In Less Than 120 Seconds” posted Saturday on Forbes.com:
The researchers were able to demonstrate that they could bypass the FaceID user authentication and access the iPhone of the victim in less than 120 seconds. To do so, they needed three things: a pair of spectacles, some tape and, erm, a sleeping or unconscious iPhone user.
The researchers found a flaw in the liveness detection function of the biometric authentication system that is used by Apple for unlocking an iPhone using FaceID.
The researchers discovered that the FaceID liveness process wouldn’t extract full 3D data from the area around the eye if it recognizes the owner is wearing glasses. Instead, it looks for a black area for the eye with a white point upon it for the iris. So the researchers created a pair of spectacles with white tape covered by black tape in the center. A hole in the black tape was allowing the “white point” to be visible to FaceID. This is enough to fool FaceID and unlock the iPhone…
It’s not impossible by any means, but it does require a sleeping or unconscious victim who happens to have an iPhone protected with FaceID and who won’t wake up when you are stuffing a pair of specs onto their face.
My take: Not losing any sleep over this one.