iPhone X – Security aspects of Apple’s Face ID technology


By Alex Perekalin

This week the iPhone changed in some big ways. Probably the most obvious is the missing “Home” button. That’s right: Apple’s newest flagship smartphone, the iPhone X, has no fingerprint scanner (aka Touch ID). It’s been replaced by something called Face ID.

Those who watched Apple’s presentation will already be somewhat familiar with Face ID, but we’ll shed some light on this technology, and then turn to the area that’s always on our minds: security.

What is Apple Face ID and True Depth Camera

In brief, Apple’s Face ID is a technology used to recognize a user’s face and unlock the new iPhone as well as confirm payments by comparing its view of their face with a picture stored in the iPhone’s memory. For that, the iPhone X uses a special camera called the True Depth Camera.

The small peninsula in the upper part of iPhone X’s front panel — the only part not covered by its massive display — is tightly packed with sensors and other electronics. In addition to the usual front-facing camera, microphone, speaker, and proximity and ambient light sensors, the phone has three new things: an infrared camera, flood illuminator, and dot projector.

These three new parts make up the True Depth camera, which maps your face and takes special 3-D pictures that are used to authenticate you. Here’s how it works.

A flood illuminator is basically just a source of light used to brighten your face in low-light conditions so the camera can get a good picture. The dot projector projects 30,000 invisible infrared dots onto your face. Using those dots, the infrared camera captures your face.

The dots help outline features and create something like a 3-D map of your face. When setting up Face ID, you will need to rotate your head slightly so that the iPhone X can map your face from different angles.

From then on, whenever you attempt to use Face ID, the software will take a shotwith the IR camera, and

if enough features match the 3-D map stored on the phone, you are considered a legitimate user. If the picture doesn’t look quite like the map, you’ll have a chance to repeat the process. At this point, the technology works like a fingerprint scanner, but with one significant difference.

Apple has built in a special coprocessor that is suitable for machine-learning algorithms, which make the system learn and adapt to you better — which, in turn, makes the recognition faster as well as helps the system adapt to changes in your facial expression, hair, and accessories. Apple says that if you decide to, say, wear a scarf or grow a beard, the system will still recognize you.

Face ID’s security features

Now that we know how Face ID works, let’s discuss how it differs from traditional facial recognition techniques, which, as we pointed out in earlier posts, are quite insecure. Apple has implemented several features to ensure that Face ID works smoothly and is more secure than other systems.

First, Face ID isn’t fooled by photos — flat pictures just don’t have a 3-D map of infrared dots on them. By comparison, Samsung’s Face Unlock, implemented in the company’s newest phones, was easily fooled by selfies.

Second, Apple claims that it has even tested Face ID against masks that were basically copies of people’s faces, and yet Face ID stood strong and didn’t let anyone but the owner of the device in. Apple’s Phil Schiller said that the odds of someone unlocking your Face ID–secured iPhone X with their face are 1 in a million. Compared with 1 in 50,000 for the Touch ID fingerprint reader, that’s quite impressive.

Apple also mentioned that using Face ID requires concentration and that you can’t use it while looking away from the smartphone or with your eyes shut. As far as we know, the True Depth camera does not have an iris scanner, but it probably has to rely on some data about your eyes and the direction of your glance as well — mostly so as not to be fooled by lifelike masks.

Third, you don’t have to worry about someone stealing your face — the images captured by Face ID are kept in the encrypted memory of Apple’s special coprocessor, which is called Secure Enclave. They are processed only on the device and are never sent to Apple’s servers or elsewhere. Speaking of processing, it doesn’t leave the Secure Enclave either, so no apps can gain access to your face scans.

However, a security researcher has already found a vulnerability in Secure Enclave. The vulnerability was fixed, but that doesn’t mean there won’t be another — and the next one might be one an attacker can bypass or use to leak your data.

As Schiller himself also noted during the announcement, there’s no such thing as an absolutely secure system. Based on Face ID design, we can say that the new iPhone’s facial recognition should be more secure than that of traditional facial recognition done by a simple 2-D front-facing camera, and it might be more secure than the Touch ID fingerprint sensor. However, security researchers from all over the world will soon be trying to hack this system, so whether it is secure enough has yet to be determined. Fortunately, the traditional six-digit PIN code is still an option. Like any PIN, it is, of course, not ultimately secure, but at least it can’t leak your biometric data to hackers.

(From Kaspersky blog).