Apple’s new flagship phone, the iPhone X (pronounced “iPhone Ten”) launches today to sky-high levels of hype and a certain amount of skepticism from the security and privacy community. Apple has removed the fingerprint sensor from the iPhone X in favor of a facial recognition system called Face ID. Facial recognition has a long history in science fiction, but most early real-world attempts at the technology were full of errors and easy to fool. This presents some serious security and privacy issues. After Apple’s initial announcement, Twitter was full of memes about Arya Stark and the Faceless Men from Game of Thrones!
So how secure is Face ID? Our CTO Corey Nachreiner answers that question and more in a column in Tech Beacon. Corey argues that Face ID is extremely secure, but requiring multi-factor authentication to log onto the phone would be even stronger.
Many early facial recognition systems were based on processing flat, 2D images and could be fooled by a photo of a face. In fact, this photo bypass trick still works with some of the latest facial recognition in new devices like the Samsung Galaxy S8. To combat the simple photo attack, facial recognition technology started adopting new “liveness detection” or motion tests. Beyond just recognizing your face, new algorithms would also look for certain motion, such as blinking eyes or a smile, in order to ensure they were looking at a live person. Unfortunately, many of the systems looking for motion were quickly defeated with simple videos, or even by editing a “blink” into a photo, and switching between the two photos.
Finally, a few of the more advanced 2D facial recognition systems started to leverage camera motion to get a pseudo-3D view of a face. The shape of a 3D object like your face alters in a predictable manner as a camera moves or changes angle. This is due to a visual effect called parallax, which creates a pseudo-3D or “2.5D” effect. Some facial recognition systems leverage this camera motion to defeat the static photo attack. If an attacker shows a simple picture to such a system, the angle of the face in the picture doesn’t change properly as the camera moves, making these types of facial recognition systems much harder to spoof. However, where there’s a will, there’s a way. Just last year, researchers figured out a way to spoof these moving facial recognition systems.
Apple solves these issues in Face ID. It goes beyond just tracking motion from 2D video, to actually mapping 3D environments using a technique called structured light. This technology, also used in the Xbox Kinect, creates a complete 3D map of each user’s face. This solves many of the issues of 2D facial recognition and makes the system much harder to fool.
But Corey also argues that no single security factor, even a strong biometric one like Face ID, will ever be as strong as multi-factor authentication. Here’s an excerpt from the article where he makes this point.
Rather than using different factors individually, we need to pair two or more together. With enough time and effort, someone could probably create a convincing copy of your face, but what if your phone or bank account required both your face and password to log in? That would make it exponentially harder to crack.
In the end, I believe multifactor authentication is your only truly secure option for protecting critical information. Rather than quibbling over whether Face ID is more secure than Touch ID, or if certificates are more secure than passwords, we should realize that all authentication factors have weaknesses. Apple did well in designing Face ID, but unless you pair it with something else, hackers will eventually defeat it.