When Apple announced the new iPhone X on Wednesday, it wasn’t the slick edge-to-edge design, water resistant exterior and wireless charging capabilities that grabbed people’s attention. Sure, these new features may help soften the blow when forking out $999+ for a new phone, but it’s the Face ID software that’s been dominating this week’s headlines.

You pick up your iPhone, let the device scan your face, and voilà – like magic, your phone is unlocked. Better still, it’s more than just a flashy gimmick to make you feel like you’re in a sci-fi movie; Apple claims Face ID is around 20 times more secure than the current fingerprint-based Touch ID system.
Sounds great, right? Not necessarily. We’ve decided to scratch below the surface to see whether it’s really as secure as it sounds.

iPhone X technology

Facial recognition for authentication has been around for some time with varying degrees of success. However, its adoption by Apple, a company famed for its security and privacy features, comes at an interesting time following Samsung’s recent and much publicized flaw in its own facial recognition technology.
Confident they’ve cracked it, Apple’s Face ID uses an infrared system they’ve called TrueDepth. Similar to the technology used to capture actors’ face shapes before they become digitally enhanced for films, the software projects a grid of 30,000 invisible light dots onto the user’s face, allowing the infrared camera to capture the distortion of the grid as the user rotates their head.
Once mapped, the device stores this data and uses it as authorization to unlock the phone, confirm Apple Pay transactions, or even create custom ‘animojis’.


The dangers

The complexities of facial structures, as well as the company’s reputation, certainly gives credibility to the claims of greater security. However, Apple’s SVP of marketing Paul Schiller’s confession that the biometric technology may not be suited to twins does raise serious concerns.
As we found out with its predecessor, Touch ID, it’s not much of a stretch of the imagination to picture false facial authentication of relatives, lookalikes or even 3D printed models through Face ID. Importantly, we can’t change our biometric data like we can change a password whenever necessary, so the stakes are even higher.
Whether we like it or (in most cases) not, our faces can change quite drastically over the space of only a few years. Face ID compensates for this, using smart machine learning techniques to recognize these changes and adapt accordingly.
Apple didn’t face the same problem with Touch ID, as our fingerprints change very little over a lifetime. Exposing a potentially new and worrying type of vulnerability, where the technology could be used to ‘train’ a device to slowly start recognizing someone completely different from the owner.
Unsurprisingly, another key issue that has got people tweeting in their numbers is the ease of forced entry. There have been numerous reports of government organizations, muggers, and even paranoid partners forcing authentication using the fingerprint sensor.
Although Apple hasn’t released further information about how active the user will need to be to unlock the iPhone X, the likelihood is a more passive user experience, which could well make it easier for involuntary entry.

The implications

Judging by the buzz since its unveiling, Apple’s new iPhone X definitely has the wow factor. As always, the designers value and prioritize user experience and feel that a passive and modern authentication system aligns with this vision. What remains to be seen is the price (not just the +$999) that people are willing to pay for this.
Only time will tell whether users are comfortable with and accept Face ID technology, what will happen with the gathered biometric data, and what permissions can be granted with a quick selfie.
With these uncertainties, as well as the potential threats exposed by facial-recognition software, it’s no surprise that Apple made sure they hit home the ‘improved’ security message throughout its launch.
[text-blocks id=”3610″]