Facial recognition is one of the most widespread and common biometric access control technologies, providing more diverse applications for face information than other biometric systems. This information is available To confirm the individual's gender, race, age or even emotional state.The main reason why face recognition technology is popular is that we have become accustomed to; social media encourages users to share their face photos online, allowing users to Face Recognition This concept feel comfortable.
Due to the nature of facial recognition technology, where collected information can be widely used, it is important to ensure that the system can identify individuals personally in a stable, effective and secure manner, however, achieving secure access control through facial recognition is challenging ; Must take into account the existence of a variety of entry points malicious attacks, such as fraud, video control, enforcement tampering, or even steal images.
This article will focus on security issues related to Apple's latest flagship iPhone X facial recognition system.
iPhone X Face ID how to work?
Apple has published an article called "Face ID Security," but since the phone was not available before the deadline for this article, here's a breakdown from recent media coverage:
Every time the user faces the phone, the face is detected by the 'pan sensor' even in darkness. The infrared camera captures the infrared image and the dot matrix projector can be placed on the user's face The projection of more than 30,000 infrared spots; capture the infrared light images and dot-matrix graphics in the neural network to construct a mathematical model of the user's face, the mesh (mesh). This neural network using Apple's new A11 Bionic, designed to process Face ID. During the operation, the handset sends the depth information of the user's face to the processor for testing. Through mathematical comparisons, it compares the face ID with the stored face If the two match, the user's identity is verified and the phone unlocks.
It is noteworthy that, in this verification process, the phone will also test to determine whether the user is watching the phone.
Under what circumstances do users use Face ID?
To use Face ID, the user must first configure the password to configure his iPhone X. After that, the user's face can be used to unlock the phone without having to re-enter the password However, in some cases, Will not be able to unlock with only their face, but must enter a password for additional security verification. These include:
Unlocked for the first time (that is, when the device is powered on or restarted) Device has not been unlocked for more than 48 hours Device unlocked within the last 156 hours (six and a half days) without unlocking the device with Face ID unlocked within the last 4 hours Remotely After more than five locks on the face, the user presses the Temporarily disable Face ID's hardware keys (until the next unlock) Previously validated features were safe? Can you effectively combat hackers?
Of course, no authentication system is impeccable.In the iPhone X machine conference, Phil Schiller, Apple senior vice president of global marketing, said an iPhone X is random one of the crowd face recognition accident The chance of unlocking is one in a million.
He said: 'A similar statistic about Face ID? It's about one in a million. In a random crowd, because seeing your iPhone X will be unlocked because of their faces and the chances of the phone is about one million Of course, if that person has a close genetic relationship with you, the statistics will go down, so if you happen to have an "evil twin," you might unlock your device with Face ID, You really need passwords to protect sensitive data.
Apple said during a live event that twins or people with similar looks may unlock each other, so users should take extra care when delegating the handset to someone else.
Compared to Apple's fingerprint biometrics Touch ID, Face ID statistics have seen a significant increase in verification strength; Touch ID has a chance of successfully unlocking a cell phone accidentally at random with another by about one in 50,000.
However, 'uniqueness' is just one of many considerations with respect to biometrics authentication: the probability of a cell phone being accidentally successfully unlocked after being stolen is minimal in either the one in 50,000 or one in a million. In fact, we More attention should be paid to whether hackers can easily break the technology.
As we all know, hackers have previously used Touch ID, a highly advanced and costly technology, but thieves who typically steal mobile phones are less likely to have such resources and even hackers who have the time and resources to crack The phone's Touch ID also needs to first steal or copy the fingerprints of mobile phone users.Although it is not impossible to obtain a person's fingerprint, but compared to obtain his face photos, of course, is more difficult, especially social media With technology so integrated in personal life today, getting someone's face photo can be described as easy.
Therefore, Apple must ensure that even if the hacker gets a photo of the mobile phone users can not use the user's mobile phone.Up to now many face recognition technology has been released by some simple, even basic methods have been compromised, For example, hackers can use printed photos, digital photos, animated digital photos and 3D models.
Apple has been working hard to ensure that these types of cheat attacks can not break Face ID, and claims that even with the highly simulated user facial 3D mask can not be successfully unlocked, but we really want to use iPhone X for some time to see the real chapter.
Temporarily disable Face ID
Another situation that users are concerned about is: 'What if I was threatened with looking at the phone and unlocked?' This is most likely to happen, for example, when a thief or law enforcement officer encounters such an order. Users simply press the front and back buttons of the phone at the same time, Face ID will stop working until the next time you enter the password before rebooting.Through this feature, even if the user is threatened to watch the phone, it will not Unlock.
Face ID support
Another interesting piece of information posted on the iPhone X Mobile Press Conference is that Face ID is supported by all Touch ID-enabled apps, meaning iPhone X uses the same API, Currently available biometric schemes Fingerprint authentication generally uses the Local Authentication architecture, which supports both Touch ID and Face ID, which is quite advantageous from the point of view of adding functionality and providing support. Focused on the trend of facial recognition technology companies and application developers do not have to go to great lengths to support Face ID.
However, some companies have already conducted in-depth analysis and risk assessment of Touch IDs prior to approving / adventuring employee devices using the Touch ID feature (or for their external App Store applications), but most likely not Face recognition technology will be risk-based or approved for use by employees in the enterprise Now that the iPhone X is just on the market, all Touch ID-enabled applications will be compatible with Face IDs, meaning that even if the business is not approved yet, Faced face recognition capabilities are available to employees of the company's facilities, and as a result, companies must analyze and evaluate Face IDs as soon as they are available on the iPhone X to promptly amend their company policies.
The native authentication architecture allows developers to verify that a device supports Touch ID or Face ID, so Touch ID / Face ID or local authentication of both applications can be disabled programmatically, if needed.