Apple faces iPhone X identity concerns

Apple has released a guide to its IPhone X Face ID system, which should have the ability to distinguish between a real person’s face and a hoax.

According to the BBC, Face ID is easy to fool, because of photos, video clips and 3D models shown to sensor; making them unsuitable for payment authentication or other security-sensitive circumstances.

The iPhone X also lacks the Touch ID fingerprint sensor found on its other iOS phones and tablets.

This is how its Face ID system works, according to the BBC:

  • Two sets of readings are taken by the sensors – a “depth map” of the face created by shining more than 30,000 invisible infrared dots on it, and a sequence of 2D infrared images
  • These readings are taken in a randomised pattern that is specific to each device, making it difficult for an attacker to recreate
  • The data is then converted into an encrypted mathematical formulation
  • This is then compared to similarly encoded representations of the owner’s face stored within a “secure” part of the processor

Apple announced it carried out many controlled tests, involving three-dimensional masks.

Other details revealed by the BBC include:

  • Face ID data cannot be saved off the device by the user, but some diagnostic data can be shared with Apple if express permission is given
  • the system will automatically augment its stored mathematical representations of the owner’s face over time to take account of ageing
  • if a failed match occurs but the user then types in their passcode immediately afterwards, it will also take account of “dramatic changes” – such as a shaved-off beard or altered make-up – to allow later facial recognition checks to work
  • Apple does not recommend Face ID’s use by under-13s because their distinct facial features may not have settled to an adequate degree. But bearing in mind the iPhone X starts at £999 and only allows one face to be registered to a device, this limitation is unlikely to have much impact

The feature tends to continue lab-based trials to further train the network and offer updates to users over time.