Despite many reported flaws, biometric authentication has become a popular security control for consumer devices over the past several years. Cybercriminals, researchers and pranksters have been able to fool previous biometric security technology using methods as simple as a lifted fingerprint and some latex, or even printed photographs. So, when Apple introduced the world to its new iPhone X with Face ID last month, the world began to debate its efficacy. With strong, easy-to-use authentication capabilities that don’t compromise design, Face ID is a step in the right direction for biometrics, but there’s always a catch…
WatchGuard’s CTO, Corey Nachreiner, sat down with Byron Acohido, Pulitzer-winning journalist and host of The Last Watchdog internet security podcast, to discuss the privacy and security issues sparked by the iPhone X’s Face ID feature, as well as the advantages and risks involved with using biometric identifiers for digital devices.
For a preview of the privacy concerns Corey calls to attention in this podcast, check out the following excerpt from the accompanying article:
“A unique 3-D identifier is a valuable data set, which means some bad guy somewhere is figuring out a way to steal and use it. “That’s one of the worrying things,” Nachreiner says. “You can imagine if that data, to identify who you are, gets into the wrong hands … it may be used to create ways to spoof other systems.” Consumers should be aware of how 3-D images of their faces are being stored. Are companies storing them in the cloud?
Can anyone access them? Apple says the image is on a secure enclave that’s only on your phone. “They are actually securing it relatively well, but in the past, hackers have done things like decrypt the secure enclave’s firmware,” he says. “In the future, you do have to worry about someone perhaps getting that data, that 3-D model of your face,” then using the image to steal your identity.”
Listen to the full podcast episode below or check out the full article on The Last Watchdog. Learn more about biometric authentication and security risks associated with iPhone X’s facial recognition system here on Secplicity.