Apple has released a guide to its IPhone X Face ID system, which should have the ability to distinguish between a real person’s face and a hoax.
According to the BBC, Face ID is easy to fool, because of photos, video clips and 3D models shown to sensor; making them unsuitable for payment authentication or other security-sensitive circumstances.
The iPhone X also lacks the Touch ID fingerprint sensor found on its other iOS phones and tablets.
This is how its Face ID system works, according to the BBC:
- Two sets of readings are taken by the sensors – a “depth map” of the face created by shining more than 30,000 invisible infrared dots on it, and a sequence of 2D infrared images
- These readings are taken in a randomised pattern that is specific to each device, making it difficult for an attacker to recreate
- The data is then converted into an encrypted mathematical formulation
- This is then compared to similarly encoded representations of the owner’s face stored within a “secure” part of the processor
Apple announced it carried out many controlled tests, involving three-dimensional masks.
Other details revealed by the BBC include:
- Face ID data cannot be saved off the device by the user, but some diagnostic data can be shared with Apple if express permission is given
- the system will automatically augment its stored mathematical representations of the owner’s face over time to take account of ageing
- if a failed match occurs but the user then types in their passcode immediately afterwards, it will also take account of “dramatic changes” – such as a shaved-off beard or altered make-up – to allow later facial recognition checks to work
- Apple does not recommend Face ID’s use by under-13s because their distinct facial features may not have settled to an adequate degree. But bearing in mind the iPhone X starts at £999 and only allows one face to be registered to a device, this limitation is unlikely to have much impact
The feature tends to continue lab-based trials to further train the network and offer updates to users over time.