Click to Skip Ad
Closing in...
  1. Prime Day Deals
    07:58 Deals

    Amazon has 10 new early Prime Day deals you need to see to believe

  2. Amazon Echo Auto Price
    09:43 Deals

    Amazon’s $50 Echo Auto adds Alexa to your car – today it’s only $15

  3. Best Kitchen Gadgets
    08:33 Deals

    Amazon shoppers are obsessed with this $23 gadget that should be in every kitchen

  4. Prime Day 2021 Deals
    11:28 Deals

    5 best Prime Day deals you can already get today

  5. Apple Watch Series 6 Amazon
    13:48 Deals

    Who needs Prime Day when the Apple Watch Series 6 is already $70 off?




Researcher uses Apple’s ‘Live Photos’ feature to hack into two mobile banking apps

August 18th, 2016 at 3:24 PM
iOS Live Photos

Biometric authentication systems have been around for ages, but it wasn’t until Apple released Touch ID alongside the iPhone 5s that it entered the mainstream. Building off that, a number of banks across the globe have started to update their mobile apps with with fingerprint and facial recognition systems in place of the tried and true password.

DON’T MISS: T-Mobile kills data plans and goes all in on unlimited data

While such systems are admittedly much more convenient than having to enter in a clunky password on a mobile device, they also aren’t without their share of security vulnerabilities. Speaking to this point, Meaghan Johnson, a researcher at a financial technology consulting firm ,recently discovered that she could bypass a bank’s authentication software using, of all things, Apple’s Live Photos feature. Because Live Photos capture 1.5 seconds of video both before and after an image is taken, Johnson discovered that a Live Photo could effectively trick a bank’s facial recognition software into thinking that she was present.

Speaking to Business Insider, Johnson explained:

What you have to do is log in using biometrics. Once you log in to the secure site on the app just blink a few times and it records you blinking. We got a picture of me blinking which then was a Live Photo. We pressed down on the Live Photo facing my phone with the facial recognition screen open. After 5 seconds it picked it up and it logged us straight into the app.

While nothing to worry about at the moment, such work-arounds may soon become more worrisome as more and more banks and financial companies begin increasing their reliance upon biometric authentication. As we highlighted last year, MasterCard is currently working on a new security scheme wherein the identity of a user attempting to complete an online transactions would be verified by said user taking a selfie. As a security precaution, MasterCard said that their mobile app will require users to blink once in order to prevent “a thief from just holding up a picture of you and fooling the system.”

That’s all well and good, but as Johnson’s research demonstrates, it may only take a Live Photo of a particular user in order to fool a given facial recognition system.

A life long Mac user and Apple enthusiast, Yoni Heisler has been writing about Apple and the tech industry at large for over 6 years. His writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and most recently, TUAW. When not writing about and analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions, the most recent examples being The Walking Dead and Broad City.




Popular News