We have always awed at cool technologies in movies like Minority Report and The Fifth Element. Flying cars, facial recognition, Artificial Intelligence- wished they were real. Today, all these technologies (except the flying car) have come into existence. Indeed, we carry them on our hands- thanks to tech companies like Apple, Google and many more.
Face ID, is one such technology that is created by Apple. It has been introduced in iPhone X and has replaced its predecessor Touch ID. Undeniably, it looks way cooler, futuristic and convenient than the previous technology. But is it secure enough? Here, I we intend not to compare Face ID with Touch ID but rather point out the vulnerabilities that Face ID can posses. So, can Apple’s Face ID handle new security risks?
We should consider two important points while judging the efficacy and security of any authentication method: –
- How vulnerable is it to attackers?
- Is the digital copy created by this authentication technique securely stored?
Moreover, in this article, we would like to emphasize the use of multifactor security and tell you why Face ID should be paired up with another authentication method.
Firstly, let us understand how Face ID functions.
How Does Face ID Function?
Unlike other facial recognition technologies that already exist, Face ID cannot be tricked or is subject to environmental factors. Face ID uses a technique known as structured light. The technique maps 3D environments. Apple’s TrueDepth mechanism shoots structured IR light onto your face. This way, it determines the depth of different points and consequently creates a perfect 3D model. This process enhances accuracy, and consequently increases security. No video or picture can trick Apple’s Face ID. Apple instructs the user to look straight at the iPhone for Face ID to function accurately. Unlike regular facial recognition mechanisms that just observe skin-texture indicators, Face ID even observes eye or pupil movement.
However, researchers have found out that exact 3D models of human face can be created using techniques like stereophotogrammetry. According to them, we should rule out the possibility of attackers finding better ways to break Apple’s Face ID.
However personally, even with the Face ID fail (login fail during the launch event) and current joke memes created on Face ID, we believe that Apple’s Face ID is a well-designed paradigm. The underlying technology has strengthened iPhone’s security that will take more than a 3D model to crack it.
But Is The Digital Copy Of Your Face Safe?
The second most important point we need to consider is how Apple stores and shares the digital copy of your face. Specifically, can a hacker gain access to the digital version of your face and compromise your account?
In theory, Apple has developed an efficient technology. According to Apple, the digital copy of your face is stored on your phone. It is shared via network or stored in the cloud. The place where it is saved is known as iPhone’s secure enclave.
The system is a SOC (system-on-a-chip) model processor. It means that the system functions on an isolated processor, which is known as SEP (Secure Enclave Processor). This processor is dedicatedly used for cryptography functions and security. Moreover, it is not connected to the main processor. In this case, the Face ID model is never handled by the main processor. It just collects results of operations that are obtained via Face ID. Strictly speaking, the main processor just receives “not matched” or “matched” results from SEP. Therefore, it’s difficult for hackers to gain access to your Face ID.
Conclusion: Is Face ID Secure Enough?
No single authentication factor is self-sufficient when it comes to stop hackers. How efficient it might be at present, it is highly possible that hackers will soon find a way out to crack Apple’s Face ID. Single authentication factors be it passwords, tokens or biometrics, have their weaknesses.
Face ID (biometrics) and other techniques that fall under the same category have become popular because they are super-convenient to use. But they are also vulnerable just like other authentication factors. Someday, we will realize it and start using multifactor authentication methods (combining two or more different authentication factors).
With time and effort, hackers could possibly develop methods to fail technologies like Face ID. However, if your iPhone requires both a password and another key to login, it would be harder to crack. This fortifies our belief in multifactor authentication system. Apple should immediately pair its top-notch Face ID with other authentication factors to ensure complete security.
What do you have to say on this? We would love to know your opinion on Apple’s face ID security. Do share your thoughts on this, in the comments section below.