Answers to the three main questions about the security of Face ID

How well the new face recognition system protects the phone from unauthorized access and leaks.

Senior vice president of marketing for Apple Philip Schiller talks about the functions of Face ID. Photos Bloomberg
Senior vice president of marketing for Apple Philip Schiller talks about the functions of Face ID. Photos Bloomberg

On September 12, Apple introduced the iPhone X, which is equipped with Face ID technology. She enters the scanned face of the owner into the phone system and uses it as a password for unlocking. Face ID is similar to the Touch ID technology, with which the phone is unlocked by fingerprint.

“This is the future of unlocking smartphones and protecting confidential information,” – described a new feature in Apple. Based on foreign materials,  formulated three main questions to the safety of technology.

Can data about a person steal scammers

One of the most common vulnerabilities of face recognition systems is the ability to bypass it by sending a printed photo of the owner to the camera. Apple experts say that they closed this gap in Face ID with the help of True Depth infrared system. It projects on the face of the user a grid of 30 thousand invisible points and creates a three-dimensional model.

At the presentation of Apple senior vice president of marketing Philip Schiller said that if scammers try to make a copy of the face on a 3D printer, it most likely will not work against Face ID. He showed a photograph of the detailed masks created by Hollywood special effects consultants who used Apple to test the function.

Fragment from Apple’s presentation about Face ID

Schiller, however, did not argue that the masks failed to unlock. Cyber ​​security specialist Mark Rogers, who bypassed the Touch ID system (he removed prints from the surface, printed them and used them for authorization), suggested that you would need to print an image of the owner on a 3D printer to bypass it.

In the past, a similar experiment was obtained from the German company Security Research Labs regarding the Windows Hello authentication system. But creating a detailed copy of the person while doing this takes a lot of time and requires professional skills. With this, a fraudster without preparation can not cope.

It can also be assumed that Face ID is able to recognize not only the shape and appearance of the face, but also its color characteristics. If this is the case, to circumvent protection, attackers will need a three-dimensional mask that replicates, at a minimum, the skin color and the owner’s eyes. This will require even more technical efforts.

According to TechCrunch , at the launch of the iPhone X, the owners will be able to add the face of only one person to Face ID. This means that other people need a user’s password to access the phone (even friends and relatives).

Can Apple “merge” user data

Apple has already warned that it will not save any data about the face of the owner in the “cloud”. In other words, this information will be stored only on the phone – as with the Touch ID. More information about security conditions can be found in the Apple document .

As noted by The Verge, if in the case of Face ID, the company will follow these rules (including prohibiting the transfer of data about the owner without his permission or court decision), it will be difficult to extract data from the phone. Nevertheless, this does not give a 100% guarantee. The company at any time can change the terms of use.

Despite Apple’s statements, human rights activists still criticized the new function, suspecting that it would be impossible to verify the fact of information transfer.

What if the police or robbers can force the owner to unlock the phone

Like the Touch ID in the past, Face ID raises several questions about how to unlock. If the owner of the phone is detained by the police or captured by criminals, they will not be able to guess the password – but they can bring the iPhone to the user’s face to bypass protection. In the US, a suspect can use the Fifth Amendment and refuse to give out a password from the phone. But this rule does not apply to the person.

There is no ideal solution for solving such problems, but you can simply disable the use of Face ID and protect the device with a standard password. This is a temporary measure, but at least it will not repel the desire to even use the iPhone X. In addition, Apple representatives have already stated that the system will not unlock the phone if the user looks into the camera with his eyes closed.

In extreme cases, the Face ID can be left only to unlock the phone, and to confirm purchases via Apple Pay or download applications – using a password (by default, Face ID is enabled in all three cases).

Principle of work Face ID

Cyber ​​security specialist Mark Rogers said if the owner decides to use the new feature, his data will become less secure. Someone may actually be intimidated: then it’s better to think about disabling Face ID in favor of a common password.

However, there are no good reasons to ignore the new technology. If the trick with creating a copy of the face and works, then the attackers still need strength and time – this method can not be called easy. Whether police officers or hackers can obtain the data of the owner without his consent thanks to Face ID, for certain will become known after the phone is on sale.

Back to top button