After months of speculation, on September 12, Apple finally unveiled the much anticipated iPhone X. The latest iPhone edition comes sans Home button or built-in fingerprint reader. Instead, it boasts a Facial Recognition System called Face ID, a technology that uses a 3D scan of the user’s face to authenticate and unlock the virtual padlock of the device.
So how does it work?
The latest iPhone uses TrueDepth camera system. “Whenever you look at your phone, the flood illuminator detects your face. Then the infrared camera takes an IR image and the dot projector uses over 30,000 IR dots to create a dot pattern,” explains a Lifehacker report.
The two sets of data are then sent to the iPhone’s new A11 Bionic chip, “which uses a neural network trained with over a billion images to compare it to a mathematical model of your face” that has been stored on the device beforehand, adds the report. The technology works even in the dark.
According to Apple, the entire process is quick and seamless.
How secure is this latest feature?
Apple notes that the technology can’t be fooled by a photograph or a mask, not even a creepily realistic one.
This is a little reassuring as 3-D facial recognition systems have been spoofed before. According to WIRED, two years ago, Berlin-based SR Security Research Labs successfully spoofed Microsoft’s Hello facial recognition system. It used the same kind of infrared depth-sensing cameras as the new flagship phone.
The researchers used a mould that perfectly mimicked the shape of the target's face and light-reflective properties of the skin.
“For the average iPhone owner, the difficulty of spoofing FaceID and also gaining physical access to a target iPhone will likely make any attack on it a monumental waste of effort,” Rich Mogull, a security analyst who has long focused on Apple, tells WIRED.
"If you have to 3-D print a model of someone's face to defeat this, that’s probably an acceptable risk for most of the population," he adds.
More good news is that just like Touch ID, the faceprint data is encrypted and stored locally instead of being transferred to Apple’s servers where it could be prone to hacking.
What are the legal implications of unlocking your device with your face?
However, there are a few concerns regarding the latest feature.
For instance, scanning systems like Face ID “that normalise mass scanning of facial features do inexorably push in an anti-privacy direction — carrying the uncomfortable risk of misuse,” notes TechCrunch.
Also, it’s kind of obvious that for “Face ID to function at least some of the iPhone X’s sensors will need to be always on, scanning for potential faces,” adds the report.
This means that the device could be gathering potentially sensitive data while the user remains unaware.
Then there are also doubts regarding the Face ID. “If you’re detained by police or kidnapped by criminals, they won’t be able to guess your password — but they would be able to hold the phone up to your face until you pass a Face ID scan,” notes The Verge. “It’s a major privacy concern, and one many users don’t think about until it’s too late,” they add.
There are other unanswered questions too, like whether a person can pry open a sleeping or deceased person’s eyes to get past the facial recognition software. Or, what if the system fails to identify the actual user, much like the brief demo fail that happened during the recently concluded Apple event.
That said, even Apple acknowledges that technological glitches are inevitable and additional layers of security are crucial, which is why the new iOS 11 comes with two more features. An ‘SOS’ mode that allows the user to disable Touch ID/ Face ID by pressing the power or home button five times. And secondly, a security measure that requires the user to enter the phone's passcode to trust a connection to a new computer, making it even harder for anyone to steal data from an unlocked device.