Researcher uses Apple’s ‘Live Photos’ feature to hack into two mobile banking apps
Biometric authentication systems have been around for ages, but it wasn’t until Apple released Touch ID alongside the iPhone 5s that it entered the mainstream. Building off that, a number of banks across the globe have started to update their mobile apps with with fingerprint and facial recognition systems in place of the tried and true password.
While such systems are admittedly much more convenient than having to enter in a clunky password on a mobile device, they also aren’t without their share of security vulnerabilities. Speaking to this point, Meaghan Johnson, a researcher at a financial technology consulting firm ,recently discovered that she could bypass a bank’s authentication software using, of all things, Apple’s Live Photos feature. Because Live Photos capture 1.5 seconds of video both before and after an image is taken, Johnson discovered that a Live Photo could effectively trick a bank’s facial recognition software into thinking that she was present.