Apple iPhone X Announcement - Facial Recognition Security
September 2017 by Stephen Cox, Chief Security Architect, SecureAuth
Following the launch of Apple’s iPhones, the commentary from Stephen Cox, Chief Security Architect, SecureAuth:
Among the new features in the iPhone X is advanced facial recognition technology, called Face ID, using TrueDepth camera system. This feature quite simply has the potential to shape the future of biometric authentication.
Biometric technology, of course, is based on the fact that each person is unique - a person can be identified by his or her intrinsic physical or behavioural traits. But it is important to remember that authentication via facial recognition is not new and that no security measure alone is a silver bullet.
While it is difficult to replicate the facial features of a user, early attempts at this technology in consumer devices were easily defeated by simply placing a picture of the users face in front of the camera. The iPhone X has 3D capabilities that can judge distance, a mitigation for this vulnerability. It remains to be seen how effective it is, but you can bet that the hacker community will fervently try to defeat it.
Still, no single authentication technique is beyond the reach of attackers. Devices will be hacked and sensors will be tricked. It is important to layer such technology with adaptive authentication methods, such as IP reputation, phone number fraud prevention capabilities or behavioural biometrics. Security is very much about layers.