📲
📲
📲
📲
iOS Pentesting
Search
K

Local Authentication (Biometrics)

Local Authentication (Biometrics) can be easily bypassed.
Apple devices have the ability to perform authentication via biometrics, and explains how this works in code in the referenced article. What's important to understand here is that this is basically a way for an iOS application to ask iOS to check whether the user is authenticated to perform the aforementioned action.
During local authentication, an app authenticates the user against credentials stored locally on the device. In other words, the user "unlocks" the app or some inner layer of functionality by providing a valid PIN, password or biometric characteristics such as face or fingerprint, which is verified by referencing local data. Generally, this is done so that users can more conveniently resume an existing session with a remote service or as a means of step-up authentication to protect some critical function.
Objection
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] # ios ui biometrics_bypass
(agent) Registering job 186767. Type: ios-biometrics-disable-evaluatePolicy
(agent) Registering job 123514. Type: ios-biometrics-disable-evaluateAccessControl
....highaltitudehacks.DVIAswiftv2 on (iPad: 13.3.1) [usb] # (agent) [467987] OS authentication response: false
(agent) [467987] Marking OS response as True instead
(agent) [467987] Biometrics bypass hook complete (evaluatePolicy)
(agent) [467987] Localized Reason for auth requirement (evaluatePolicy): Please authenticate yourself
(agent) [987319] Localized Reason for auth requirement (evaluatePolicy): Please authenticate yourself
(agent) [537955] Localized Reason for auth requirement (evaluatePolicy): Please authenticate yourself
(agent) [186767] Localized Reason for auth requirement (evaluatePolicy): Please authenticate yourself
(agent) [186767] OS authentication response: false
(agent) [186767] Marking OS response as True instead
(agent) [537955] OS authentication response: true
(agent) [987319] OS authentication response: true
(agent) [467987] OS authentication response: true
(agent) [467987] Biometrics bypass hook complete (evaluatePolicy)
(agent) [987319] Biometrics bypass hook complete (evaluatePolicy)
(agent) [537955] Biometrics bypass hook complete (evaluatePolicy)
(agent) [186767] Biometrics bypass hook complete (evaluatePolicy)
(agent) [467987] Localized Reason for auth requirement (evaluatePolicy): Please authenticate yourself
(agent) [987319] Localized Reason for auth requirement (evaluatePolicy): Please authenticate yourself
(agent) [537955] Localized Reason for auth requirement (evaluatePolicy): Please authenticate yourself
(agent) [186767] Localized Reason for auth requirement (evaluatePolicy): Please authenticate yourself
(agent) [186767] OS authentication response: false
(agent) [186767] Marking OS response as True instead
(agent) [537955] OS authentication response: true
(agent) [987319] OS authentication response: true
(agent) [467987] OS authentication response: true
(agent) [467987] Biometrics bypass hook complete (evaluatePolicy)
(agent) [987319] Biometrics bypass hook complete (evaluatePolicy)
(agent) [537955] Biometrics bypass hook complete (evaluatePolicy)
(agent) [186767] Biometrics bypass hook complete (evaluatePolicy)
References:
  • https://developer.apple.com/documentation/localauthentication?language=objc
  • https://developer.apple.com/documentation/localauthentication?language=swift
Bypassing Restrictions - Previous
Bypassing Jailbreak
Next - Breaking Crypto
Weak Cryptography
Last modified 2yr ago