On the day Apple launched its iPhone X, facial recognition experts have questioned the security of a new biometric authentication system on the devices.
Apple has been preparing to use facial ID for authentication for some time, cherry-picking in the last four years three Israeli companies that supply the sense-capture-identify one-two-three of facial matching authentication.
It reportedly acquired RealFace earlier this year for an undisclosed amount, LinX in 2015 for an estimated $20 million and PrimeSense in November 2013 for $345 million. PrimeSense designed a 3D sensor, Linx developed a DSLR-like mobile camera module and RealFace built facial recognition software.
It's surprising therefore to find out that Apple's new authentication method may be flawed and easily spoofed. "iPhone X has 3D face recognition on it to do face matching. The Chaos Computer Club will take (only) a month to spoof it," opined Andrew Bud, CEO and founder of iProov. "They will find the iPhone weakness and they will break it. And if they don't publish how they did it, Apple will never know."
The CCC famously broke the Samsung Galaxy S8 iris scanner a month after it was launched. But it does have a track record of being very sporting in the grey hat mode when it indeed breaks a system, often publishing how and why an exploit has been successful; its 5,500 members seem to function as a benevolent collective. Millions of other hackers do not.
Owners of the new $1,000 iPhone X elite model have disposable incomes. You get my drift.
I'm not a hacker myself (or if I am, I'm black hat and you don't know it), but there are several ways that a potential weakness could be leveraged. An attempt could be made during the initial education mode where hackers probe for weaknesses, looking to build their fact base while remaining unobserved. Here there would be an intercept to see how the ID authentication process communicates between the OS and hardware. If there's an intercept, then it's also logical that bogus values could potentially be inserted to see how the system/service responds.
According to Jeff Orr, research director of strategic technology at ABI Research, "If a true 3D sensor is involved that captures more identifying points than a fingerprint, this challenges prior facial recognition approaches where the image could be spoofed using photos, contact lenses, and video playback." The more identification points the sensor has, the stronger the security and the better it is for the consumer.
During the launch presentation, Apple invited viewers to glimpse behind the curtain of the biometric unit on the iPhoneX. Its TrueDepth camera system comprises an IR camera, flood illuminator, front camera, a dot projector, and also proximity and ambient light sensors.
The challenge process takes place in real time, and begins when the user’s face is detected by the flood illuminator. The IR camera takes an image, and the dot projector pushes 30,000 IR dots onto the face. The information from the IR image and dots are combined and pushed through an on-chip neural network for processing. The composite is then matched to an existing image stored locally on the device. The data from this is ‘enclaved’ on a purpose-built A11 Bionic chip, although it was not clear how safe it was.
While acknowledging during the presentation that “there is no perfect system” for biometric facial recognition, Apple added that there is a 1 in 50,000 chance that, say, I could unlock your phone with my fingerprint. For FaceID, that statistic is 1 in 100,000,000. So, the device is spoofable. Apple added that if there’s a family member that bears a resemblance, then a passcode should be used on top of FaceID in order to better safeguard data.
Certainly, that advice is to Apple's credit; Every data point -- face, eye, fingerprint enrolled into a single strong authentication process would make an attack harder.
"A combination of facial, eye and fingerprint recognition seems like a more progressive approach to ensuring the security of the user, device, and its data," says Orr. But, there are some very devious methods out there to break through security.
"(This) would overcome concerns about someone trying to unlock the phone of a sleeping or deceased person," says Orr. "It is not clear today if corrective lenses, contact lenses, or use of prescriptions/intoxicants that alter pupal dilation will have an impact on the system."
Or, a hacker could simply try to retrieve authentication patterns already enrolled and stored locally on the device, such as TouchID, if indeed this is how the iPhone X system works.
In some cases, observers fear that facial ID causes real issues for an iPhone user who is physically next to a spoofer. Imposing a biometric request under duress is possible. But since we're into hypotheticals here, what about if someone could model their own 3D scanner using the same 3D sensor to gather identities for a future exploit? That hack could be executed over time and only launched once thousands of identities have been exploited.
And finally, a question for Benjamin Button: How do legitimate users manage changes over time as they age, change appearance and grow younger?
Apple did not respond to several requests for comment. Special thanks to Jeff Orr.
Editor's Note: This article has been updated to reflect information released in the iPhone X launch event.
- Has Facial Recognition's Time Arrived?
- 'Good Enough' Probably Isn't
- Personal Security Begets Enterprise Security
— Simon Marshall, Technology Journalist, special to Security Now