The iPhone X uses incredibly detailed imaging (30,000 data points) to map the user’s face during “training”. This is also how the phone is able to read your face and put cute animations that move with it in real time that are more advanced than what animation studios were doing a few years ago. It improves on its high-resolution image capture by integrating infrared data; this prevents someone from printing a high-resolution image of your face, putting it in front of the camera and then unlocking it. However, even this advanced facial recognition system is showing security issues.
Beating IR Plus Image Technology
More than one group has reported they beat the facial recognition system. However, the methods are more advanced than the average hacker has at their disposal. For example, Bkav created a 3D mask with high resolution images for key portions of the user’s face that worked, according to an online video.
There is some doubt as to the veracity of the claims, since Wired magazine had special effects artists make very detailed masks that failed to work in their tests. Bkav says that they did it using 2D and 3D printed masks, and that the images necessary to create such masks are already available on most users’ social media accounts. According to an article that was published on Wall Street OTC, the entire experiment cost about $150.
Confusion Due to Data Sets
A Chinese pair of co-workers said that one woman was able to unlock the other woman’s FaceID. The company said this was probably due to both of their faces being captured during the face training of the artificial intelligence.
The company admits that it is easier for the AI to be confused by children’s relatively undefined features, so it is possible for two same sex siblings close in age to unlock another’s phone if they look a lot alike. Identical twins and triplets, of course, could fool it as the Wall Street Journal demonstrated.
The General Security Risk
The iPhone 5’s Touch ID sensor was hacked in 2013 using a high-resolution image of the user’s fingerprint on a glass. Another method was altering fingerprint data stored on the phone, such that it potentially could be altered or replaced with someone else’s thumbprint.
In theory, the same thing could be done with someone’s facial ID. There have already been demonstrations that smartphones could be hacked to add additional fingerprint data and then prevent the user from seeing that information was added. A similar process could be done with facial identification information.
This is especially true if the device has already been compromised with malware recording everything the device does. A separate risk is that a third-party application with permission to use facial identification isn’t compromised, your facial information then stolen and used by hackers.
Vietnamese security firm Bkav says it was able to hack the Face ID of the iPhone X using an affordable 3D printed mask with the right key details in place. This leads to any concerns about the security issues that could possibly arise. We are still waiting on Apple to resolve the issue, but we can expect a security update to be rolled out soon.