iPhone X Uses Facial Recognition to Unlock Device, Apple Says 1 in 1,000,000 Chance of False Positive
At the Apple Special Event 2017, Apple announced on Tuesday three new iPhones (X, 8 and 8 Plus), the Apple Watch Series 3, the new Apple TV 4K — and new software in the form of iOS 11 and WatchOS 4. Star of the show, however, is the new iPhone X (pronounced ‘ten’) that marks the tenth anniversary of the birth of iPhones.
As with many things Apple, the iPhone X capabilities range from the sublime to the ridiculous: from new facial biometric unlocking to user emotion-matching emojis. Both come courtesy of the new front-facing camera system that continuously scans the user’s face.
From a security perspective, the key elements include ditching the Home key and fingerprint access for facial access, and a new requirement for a passcode to be entered before the iPhone can be connected to an external device (such as, for example, a forensic scanning system).
The iPhone X uses a TrueDepth camera system combined with a series of sensors (including proximity and ambient light) at the top of the front of the phone. Coupled with infra-red capabilities and an internal neural engine, the iPhone can recognize its owner with only 1 in 1,000,000 false positives, day or night. This compares to just 1 in 50,000 false positives for the earlier TouchID fingerprint access.
At one level, this would seem to solve law enforcement’s problem in accessing a suspect’s iPhone. While it would be possible to physically force a suspect to present a finger to TouchID (with varying degrees of legality, and possibly the wrong finger), the X merely needs to ‘see’ the suspect’s face.
However, this is offset by an additional feature in the iOS 11 software: any attempt to connect the iPhone to an external device will now require an extra passcode. So, while it may be easier for law enforcement to access what is visible on the phone itself, it will be much harder to attach an external device, such as a PC, to allow full forensic investigation of the phone.
For now, we only know what Apple has told us — so we don’t know how subtle or nuanced the facial recognition can become. We are told that, courtesy of the neural engine, the system gets better over time at recognizing its user, and can adapt to recognize changes (such as aging). We are told that wearing a hat or growing a beard will not confuse it.
But we don’t know whether it can detect specific emotions, such as fear, that could be used as a panic button. Without an obvious and clear panic button, there is a danger that violence in phone thefts could escalate — physical thieves could use physical force against the user to both steal and unlock the phone. Tapping the side power button five times in rapid succession will disable FaceID, but it is debatable whether a user under duress would have either the time or composure to do this.
It is possible, of course, that an emotional panic button could be introduced since the new user-imitating animated emojis are based on the user’s emotions, as scanned by the TrueDepth camera.
On the surface, it appears as if the iPhone X’s security systems are fairly robust and well-planned. As soon as the model becomes available in November, we will learn how well these theories will stand against sophisticated hackers who will seek kudos as the first person or group to break into an iPhone X. “While it is difficult to replicate the facial features of a user,” comments Stephen Cox, chief security architect at SecureAuth, “early attempts at this technology in consumer devices were easily defeated by simply placing a picture of the user’s face in front of the camera. The iPhone X has 3D capabilities that can judge distance, a mitigation for this vulnerability. It remains to be seen how effective it is, but you can bet that the hacker community will fervently try to defeat it.”
“We will not know of the quality of Apple’s FaceID facial scanning until the security community tests it, but the combination of an IR sensor and camera makes this system quite accurate and difficult to trick,” Corey Nachreiner, CTO at network security firm WatchGuard Technologies, told SecurityWeek.
“Whatever factors you chose,” Nachreiner says, “I strongly believe in multifactor authentication. Whether it’s fingerprints or facial scans, bad actors will continually find ways around different identity tokens, even biometric ones. You get strong security by layering multiple tokens (i.e. a password and a facial scan).”
Nachreiner also reminds that your iPhone would have a 3D model of your face. “I’m sure Apple is taking good steps to secure it on the device, but it is technically a valuable new piece of data on your mobile for future attackers to target,” he said.
Meanwhile, it is worth noting Edward Snowden’s Twitter comment: Good, “Design looks surprisingly robust”; bad, “Normalizes facial scanning, a tech certain to be abused.”
As long ago as 2004, the then UK Information Commissioner, Richard Thomas, warned that Britain was in danger of sleepwalking into a surveillance society. Snowden fears that by making facial scanning part of everyday life, the public will accept its use in more and more privacy-invasive applications — both state and commercial.