FB pixel

Researchers spoof FaceID biometric liveness detection with video injection and tape


Researchers from Tencent Security’s Zuanwu Lab have developed successful spoof attacks on biometric liveness detection systems, ranging from placing tape on eyeglasses to video stream injection, Dark Reading reports.

Zhuo (HC) Ma delivered a presentation by himself at Black Hat USA after his associate’s visas were denied, explaining that the team started by looking into the details of biometric authentication and anti-spoofing implementations. Ma notes that previous studies have focused on generating fake audio or video, but any a real attack requires defeating liveness detection.

“With the leakage of biometric data and the enhancement of AI fraud ability, liveness detection has become the Achilles’ heel of biometric authentication security as it is to verify if the biometric being captured is an actual measurement from the authorized live person who is present at the time of capture,” Ma pointed out, as reported by Threat Post.

In one demonstration, Ma showed a method for injecting a video stream into the authentication device in between the optical sensor and the processor. The method requires latency and information loss to be kept low, while avoiding detection. The method would require capturing specific video of the user, and gaining physical control of the device, and is therefore not a practical attack method, Ma says.

A second demonstration relies on the use of 2D imaging by 3D systems to deal with eye glasses. By simulating eyes with points of white tape on a background of black tape, the researchers showed that a sleeping person’s device could be unlocked by placing taped glasses on the person’s face, assuming he or she does not wake up during the attempt.

The demonstrations targeted Apple’s FaceID, so it is not clear whether the same techniques would work on other systems, such as 2D facial liveness technologies. A presentation of a FaceID hack scheduled for a previous Black Hat conference was withdrawn after doubts about whether it could be reproduced, and FaceID has been shown less vulnerable to spoof attacks than some other facial recognition systems.

The researchers suggest that biometric companies could improve liveness detection systems by adding identity authentication for native cameras, and increasing video and audio synthesis detection capabilities.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News


Indonesia issues call for World Bank-backed digital identification project

Indonesia is looking for a company providing consulting services as a part of its upcoming digital transformation project backed by…


Affinidi data sharing framework leverages privacy-preserving open standards

Affinidi, a company specializing in data and identity management, unveiled the Affinidi Iota framework at the WeAreDevelopers World Congress. This…


Sri Lanka set for January biometric passport launch, plans airport upgrades

Sri Lanka is preparing to begin issuing biometric passports with electronic chips embedded as of January, 2025, according to a…


Vending machines with biometric age verification roll out in Germany, US

Vending machines are growing in popularity as a way to sell age-restricted products around the world, with Diebold Nixdorf algorithms…


San Francisco police hit with lawsuit over facial recognition use

In 2019, San Francisco became the first city in the U.S. to ban facial recognition technology, forcing the police and…


3 East Asian countries expand biometric border systems

Myanmar junta’s new smart card is trapping migrant workers inside the country and fueling a black market. Indonesia and Malaysia…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events