Apple recently (Sep 12 2017) announced its new line of phones. The new iPhone X ("ten") has an OLED screen, an additional two hours of battery life, no home button or fingerprint reader, and costs $1,000. There are also updates to its flagship mobile operating system, iOS 11, which include new features that relate to security.
Perhaps the biggest security news concerns Apple's new Face ID for the iPhone X, which uses facial biometrics for authentication.
After you set up Face ID, it launches whenever you raise the phone, tap the screen, use a supported app that requests authentication, or receive an incoming notification. The TrueDepth camera looks for a face and, when one is detected, Face ID checks that your eyes are open and your face is directed at the phone.
There are two reasons for this check. First, looking at the phone means that you do intend to unlock it. Second, it prevents someone from unlocking your phone by holding it in front of your face while you are asleep (or unconscious). Once it confirms the presence of an "attentive face," the TrueDepth camera projects over 30,000 infrared dots on your face to create a "depth map" of the face, and then reads it along with a 2D infrared image. This data is used to create a sequence of 2D images and depth maps, which are digitally signed and sent to the "security circuit" on the phone that's designed to prevent the main processor on the phone from directly accessing secure data.
But over time our faces tend to change (guys, think facial hair; ladies, think makeup). Apple has thought of this, too, by continually updating its stored mathematical representation of your face. When you successfully unlock your phone, Face ID may use the newly calculated mathematical representation of your face for several additional unlocks before that data is discarded. But if Face ID fails to recognize you so that you must enter your passcode, Face ID takes yet another image capture and augments its enrolled Face ID data with the newly calculated mathematical representation. This new Face ID data is discarded after a finite number of unlocks and if your face no longer matches against it. By continually augmenting the images, Face ID can keep up with your facial changes.
Because Face ID can be linked with Apple Pay, looking at your phone gives you a simple way to transfer money without typing any passwords. Of course, there is a heightened risk here, and Apple has addressed it: just looking at your phone will not be enough to trigger a transaction. Rather, Apple Pay requires you to "confirm intent" by double-clicking the sleep button before holding the phone up to the payment terminal. And like Touch ID, you can disable Face ID by pinching the side buttons to put the phone in shutdown mode. After that, it will require a passcode to unlock it.
What if someone tries to spoof your face with a picture or another image? Apple says, "The TrueDepth camera actually randomizes the sequence of 2D images and depth map captures, and projects a device-specific random pattern." Apple claims that the probability that a random person in the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000 (for Touch ID it's 1 in 50,000). But the statistical probability changes if you have a twin or sibling who looks like you, and for children under the age of 13, because their distinct facial features may not have fully developed.
So, it all sounds really good and secure, on paper. But how secure is Face ID? We'll just have to wait until the iPhone X is released to know how secure Face ID actually is.