Undoubtedly, iPhone X was one of the hottest tech devices to hit the market in 2017. Attracting overwhelming attention from consumers, one of the most talked-about features was “Face ID,” the facial recognition function used in biometric authentication. Biometric authentication takes features from the face, or fingers, or the irises and turns them into a digital signal. Next, the security certificate processes and then authenticates the user, allowing access to the rest of the device.
The advanced technology was hyped up as forward and progressive, but security experts were immediately weary of potential vulnerabilities and hacks. They may have been on the right track as almost immediately after the phone’s release, a Vietnamese company claimed that it had unlocked the iPhone through the facial recognition feature simply by utilizing a 3D printer. The company says it was able to disable the locked iPhone by using a facial scanning system to get the user’s unique facial features just right for a mask. Then, they added on a silicone nose and a few 2D printed photos to add texture and color.
However, it is worth noting that the company was unable to give an answer on whether or not the hack was accomplished after Face ID had scanned the user’s face once, or multiple times. Apple’s Face ID technology specifically works by utilizing an infrared camera to assess the grooves and intricate details of a user’s face. As users continue to login, the function takes more photos of the face to ensure that a comprehensive analysis for the face has been recorded. In fact, Apple claims that the odds of Face ID detecting incorrectly are one in a million, because the more you use Face ID, the more accurate and secure it will be.
So what’s the verdict? Thus far, Apple seems to have done its security homework. Although there may be fears that the company is amassing a huge data directory of people’s faces — this is far from the case. Each face is captured but the image is immediately discarded and the data from mathematical representation is encrypted on the Secure Enclave (a separate hardware-based key manager, isolated from the main processor), meaning that none of it makes it to Apple — yet.
Apple plans to make limited facial data available to app developers for the iPhone X, as long as they get permission from the phone’s owner, and if they don’t sell the data to other third parties. But if you’re familiar with security at all, you know a “Terms & Conditions” never got in the way of a malicious hacker looking for trouble. For now, what we as consumers can do is take precautions, and be extremely careful before downloading new apps that capture facial data because developers will be allowed to store it on their servers.
At the end of the day, though there isn’t a definite “verdict,” we can always come back to the need for more than one authentication factor. We’ve already talked about Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA), so use the different factors available to your advantage. For example, don’t feel the need to follow the trend of utilizing Face ID. Although it’s the authentication function most talked about, Face ID is not the primary authentication function on the iPhone. It is (and Apple claims it always will be) the passcode that maintains that position.
While there are no clear answers to this security dilemma, it’s always safer to err on the side of caution, especially when your precious mug is involved. It will be a test of time to see if the iPhone X holds up its end of the security bargain.