Today it is normal to use facial recognition to open your phone and to pay with your credit card through Apple pay – 10 years ago I would never have imagined that these features would be accessible to people and being used in everyday life.
Facial recognition is fairly new to the public, since the technology until now has been either very sensitive or easy to trick. Apple first launched facial recognition (Face ID) on iPhone X in 2017 (Tillman, 2021). Apple’s facial recognition uses a “TrueDepth” system that projects structured IR Light onto the user’s face to measure the depth of the facial features. The IR Light contains 30,000 small dots and is basically creating a 3D model of the user’s face. This technology is resilient towards tricks such as videos or pictures of a face which makes Face ID very accurate (Nachreiner, 2021). In addition, according to Apple, the false-positive rating is as low as one in one million. This is a great improvement of Touch ID (fingerprint) were the false-positive rate was one in 50,000 (Tillman, 2021).
Even though Face ID is accurate and resilient towards tricks – how safe is it? Where is the data stored and who has access to this data? Would a hacker be able to get access to your face ID? According to Apple, the data never leaves the user’s phone and is not transmitted to any cloud or network. It is saved in something called the “iPhone’s secure enclave” which, according to Apple, would be impossible to hack since the data can’t be retrieved (Nachreiner, 2021).
But is anything that has to do with data really impossible? Even though Apple is one of the leading companies within technology, technology emerges and improves every second – also for hackers. Yet at a Black Hat hacker convention in Las Vegas, some researchers found that it was possible to “hack” the liveness detection of an iPhone user and thereby hack the Face ID. Apparently, if the user is sleeping, is a user of glasses and eyes are being held open with tape, it is possible (Winder, 2019). So, if this is the only way, that we know of right now, to hack a Face ID, that seems pretty safe to me. Yet Chief Technology Officer, Corey Nachreiner (2021) suggests that in order to secure sensitive information even more, a multifactor authenticator is the only truly secure option. According to Nachreiner, the combination of biometric data and passwords would be the safest, and I will agree on this point. What do you think?
References:
Nachreiner, C. (2021) Apple’s Face ID: No match for multifactor security. TechBeacon.com. Retrieved from: https://techbeacon.com/security/apples-face-id-no-match-multifactor-security
Tillman, M. (2021) What is Apple Face ID and how does it work? Pocket-lint.com. Retrieved from: https://www.pocket-lint.com/phones/news/apple/142207-what-is-apple-face-id-and-how-does-it-work
Winder, D. (2019) Apple’s iPhone FaceID Hacked In Less Than 120 Seconds. Forbes.com. Retrieved from: https://www.forbes.com/sites/daveywinder/2019/08/10/apples-iphone-faceid-hacked-in-less-than-120-seconds/?sh=73c130dd21bc