11:FS researcher discovers bank apps’ facial recognition can be hacked using iPhone Live Photos

A researcher claims to have discovered a security vulnerability in 2 banks’ mobile phone apps that lets someone get into an account with just a picture of the account holder.

Meaghan Johnson, director of research at fintech consultancy 11:FS, says she found that people could access her account using an iPhone “Live Photo” of her. “Live Photos” capture and show limited movement, and this tricks the app into thinking the account holder is actually there.

Johnson told Business Insider: “What you have to do is log in using biometrics. Once you log in to the secure site on the app just blink a few times and it records you blinking. We got a picture of me blinking which then was a Live Photo. We pressed down on the Live Photo facing my phone with the facial recognition screen open. After 5 seconds it picked it up and it logged us straight into the app.”

This vulnerability only applies to banks that are using facial recognition as a method of logging in, which at the moment is a limited number.

But the number is growing. The discovery comes days after Standard Chartered bank announced plans to do away with passwords and roll out biometric security to all its 5 million customers.

Source: 11:FS researcher discovers bank apps’ facial recognition can be hacked using iPhone Live Photos – Business Insider
