Poor apple, within the past week apple, has had many bad things happen to them such as having their Face ID hacked by security researches at the recent Black Hat convention in Vegas, the worst part is that they were able to hack the feature in under 120 seconds.
Face ID Hack
To do so, they needed three things: a pair of spectacles, some tape and, erm, a sleeping or unconscious iPhone user.
The researchers found a flaw in the liveness detection function of the biometric authentication system that is used by Apple for unlocking an iPhone using FaceID.
The researchers discovered that the FaceID liveness process wouldn’t extract full 3D data from the area around the eye if it recognizes the owner is wearing glasses. Instead, it looks for a black area for the eye with a white point upon it for the iris. So the researchers created a pair of spectacles with white tape covered by black tape in the center. A hole in the black tape was allowing the “white point” to be visible to FaceID. This is enough to fool FaceID and unlock the iPhone
Although the chances of someone breaking into your house while you sleep, putting glasses on you and unlocking your iPhone all without you waking up will be near impossible this is still a security exploit that will need to be fixed asap. Full post Here
If you think this was the worst part it wasn’t. Recently a security firm Check Point found a way to hack any apple device that uses IOS 8 - IOS 13 which if you think about it is about 8 years of apple technology and 1.4 Billion apple users. The security firm found out that with the contact app it runs on SQLite so they found a way of exploiting this app into running malicious code that can steal usernames and passwords. This problem with contacts has been a known exploit for about 4 years but no one has realized how badly this can be exploited until now Exploit
What Check Point discovered is that the Contacts app built into iOS can be exploited using the industry-standard SQLite database so that any search of Contacts can trick the device into running malicious code capable of stealing user data and passwords.
“SQLite is the most wide-spread database engine in the world,” said Check Point. “It is available in every operating system, desktop, and mobile phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox, and Android are popular users of SQLite.”
That’s about it for this blog post. As always if you enjoy my content you can support me by becoming a patreon Here This allows me to make blogging a full-time job and gives me more time to blog as I do not need to get a part-time job. When you become a patreon you unlock perks such as premium support, Custom roles in the discord, Access to bot code and much more. I would highly suggest checking it out.
Thanks for your support