When Apple unveiled the iPhone 8 and iPhone 8 Plus (not to mention iPhone X), it also revealed Face ID, a new security solution that allows consumers to map their face and then use that map to unlock their phones, rather than relying on a keycode or a fingerprint. Though exciting in some respects, the new technology has prompted concerns from consumers who imagine Face ID may be too easy to circumvent, or just poorly implemented. Craig Federighi, SVP of Software Engineering at Apple, has addressed some of those concerns.
It’s easy to imagine a scenario where you are walking down the street with your new iPhone when suddenly a knife-wielding man accosts you and demands you hand over the device. Or suppose you are pulled over by a police officer for speeding, and he decides he doesn’t like the way you look. He demands to see your phone, and asks you to look at it so he can then go through its contents and potentially find a more serious crime you may have committed. Speaking to Tech Crunch, Federighi outlined the process you might now take to cut such efforts off at the pass.
“On older phones the sequence was to click [the power button] five times, but on newer phones like iPhone 8 and iPhone X, if you grip the side buttons on either side and hold them a little while – we’ll take you to the power down [screen],” Federighi said. “But that also has the effect of disabling Face ID. So if you were in a case where the thief was asking you to hand over your phone – you can just reach into your pocket, squeeze it, and it will disable Face ID.”
To function, Face ID must reference detailed scans of your face that are created when you first activate the security measure. Again, security risks could conceivably come into play. What if the government demands that Apple hand over its database of face scans, since that is useful information that might allow police to find and prosecute offenders? Fortunately, Apple seems to have considered that eventuality. There is no actual database.
“We do not gather customer data when you enroll in Face ID,” Federighi said. “It stays on your device. We do not send it to the cloud for training data.”
Once your data is provided to your phone, it is stored in the “Secure Enclave,” in the form of a mathematical model. This important step also prevents it from being easily reverse-engineered to generate a model of your face.
Face ID works by scanning your face with the RGB camera and an IR emitter. It looks for your eyes, of course, but it also considers numerous facial features such as your nose and mouth. This means there are certain convenience features that necessarily fall by the wayside, in the name of greater security.
“If you’re a surgeon or someone who wears a garment that covers your face,” Federighi admitted, “it’s not going to work. But if you’re wearing a helmet or scarf, it works quite well.”
Such limitations have been in place for other approaches Apple took to security in the past. You could get locked out of your phone if you forgot the security key, for instance. Trying to access your phone with a fingerprint scan also doesn’t work if your finger is wet or you are wearing gloves.
No amount of talking can completely dispel all consumer fears about Face ID, but it’s also worth noting the security measure can be disabled entirely if it makes you uncomfortable, much like current measures that lock away your data behind fingerprint scans. If you find that Face ID doesn’t work for your circumstances, that won’t be an issue. And if it does suit your needs, it could be a more convenient—and potentially more secure and reliable—way to safeguard your important and private data. What are your thoughts on Face ID?
Jason Venter posted a new article, Apple's Craig Federighi Tries to Clear Up Face ID Worries
I have a note 8 and in contrast, their face ID is apparently easy to break, not that I should be asking anything from Samsung with respect to software quality of their cameras
Samsung's face ID is just software running on images from their front camera -- you can fool it with a simple photo of the owner's face.
Windows Hello uses an IR camera and IR light, so it works in any conditions and can't be tricked by photos.
The apple one is a kinect1 integrated on the front of the phone. It uses an IR laser plus a diffraction grating to project a pattern of random dots, then has hardware to estimate a depth map from dot separation. It uses a separate IR source to illuminate the face as well, and also uses colour images from the front camera.
So what happened to Apple Pay on iPhone X? Did they replace Touch ID with Face ID? Because in that case: fuck no lol
Yes, they use it for payments too hehe. To be fair, it does sound pretty secure.
TouchID was "hacked" a few times. I remember a simple one was to get a photo of a finger print, print it as a negative on a laser printer (you get ridges of plastic where the toner fuses to the paper), then smear rubber glue on the print. When it's set, peel it off and you have a rubber fingerprint that will activate TouchID.
I doubt if that attack was ever used by a criminal though.
Why is that a bad thing to you?