News
Apple iPhone X Announcement - Facial Recognition Security
September 2017 by Stephen Cox, Chief Security Architect, SecureAuth
Following the launch of Apple’s iPhones, the commentary from
Stephen Cox, Chief Security Architect, SecureAuth:
Among the new features in the iPhone X is advanced facial recognition technology,
called Face ID, using TrueDepth camera system. This feature quite simply has the
potential to shape the future of biometric authentication.
Biometric technology, of course, is based on the fact that each person is unique - a
person can be identified by his or her intrinsic physical or behavioural traits. But
it is important to remember that authentication via facial recognition is not new
and that no security measure alone is a silver bullet.
While it is difficult to replicate the facial features of a user, early attempts at
this technology in consumer devices were easily defeated by simply placing a picture
of the users face in front of the camera. The iPhone X has 3D capabilities that can
judge distance, a mitigation for this vulnerability. It remains to be seen how
effective it is, but you can bet that the hacker community will fervently try to
defeat it.
Still, no single authentication technique is beyond the reach of attackers. Devices
will be hacked and sensors will be tricked. It is important to layer such technology
with adaptive authentication methods, such as IP reputation, phone number fraud
prevention capabilities or behavioural biometrics. Security is very much about
layers.
