Apple has fixed a security gap in the Face ID biometric authentication system with iOS and iPadOS 15: An attacker with a 3D model of the owner’s face might be able to log in with Face ID, Apple released an operating system update. announced after The problem has been eliminated by improving anti-spoofing technology, which aims to detect and prevent such fraud attempts.
Some Known Attacks on Face ID
More details about the Face ID gap are yet to be revealed. Accordingly, it is not clear how complex it is to create such a mask and whether it can also be used to carry out Apple’s “Attention Check”, which checks whether the device is held with open eyes while logging on. is seen or not. weak point found according to apple Chinese security researcher Wish Wu Ant-Financial Light-Eared Security Lab.
Wu has apparently been involved in outsmarting biometric authentication systems like Face ID for a long time. In 2019, the hacker announced a lecture at the Black Hat conference that was supposed to show how Face ID could be rolled out – but suddenly withdrew it and thus sparked speculation. He reportedly only used a black and white photo and tape for his hack, but it may not even work reliably. In 2017, Vietnamese security researchers caused a sensation with a twin mask that allegedly could have been used to unlock Face ID iPhones – but questions remained unanswered.
iOS 14.8 (greater) closes vulnerabilities
According to previous information from Apple, iOS and iPadOS 15 eliminate a total of 22 vulnerabilities, including serious gaps in the kernel and WebKit that allow malicious code to execute. The Federal Office for Information Security (BSI) has errors at the highest risk level 5 and recommends an update as soon as possible. Apple has already fixed several vulnerabilities this time around with iOS 14.8, as it just became known – users have the option to stay on iOS 14 without skipping security updates. According to Apple, the Face ID gap was fixed only in iOS 15.
(LBE)