Apple's Faceid — a facial recognition tool that unlocks mobile devices — has a countermeasure that is designed to prevent attackers from scanning an sleeping/unconscious (or dead) person's face to unlock their phone, by scanning the face for signs of consciousness.
These countermeasures have a weakness in how they perform proof-of-life checks on users who are wearing glasses: they seek out a white dot surrounded by a black area, and this can be spoofed just by putting the right combination of black and white tape on a pair of glasses and put them on your victim's face (presumably without waking them, assuming they are alive).
Researchers from Tencent demo'ed the attack at Black Hat last week and used it to unlock a phone and approve a cash transfer from the owner's Apple Pay account to their own.
The attack comes with obvious drawbacks – the victim must be unconscious, for one, and can’t wake up when the glasses are placed on their face. However, it does show the weaknesses behind the security and design of liveness detection and biometrics in general, researchers said.In terms of mitigations, researchers suggested that biometrics manufacturers add identity authentication for native cameras and increase the weight of video and audio synthesis detection.
Biometrics Flaws Uncovered To Bypass Apple FaceID [Lindsey O'Donnell/Threatpost]
(via Schneier)