September 15, 2017

Apple’s FaceID raises the bar in electronic security + efficiency

New iPhone to have face ID

Apple’s announcement of the iPhone X may not have impressed in the realm of Augmented Reality, but it has certainly made waves in the realm of facial recognition.

Although facial recognition features aren’t new to the market, they have in the past proved less than secure. Indeed, it was revealed a while back that these facial recognition systems could be fooled by two-dimensional pictures. As it is relatively easy to obtain someone else’s picture, this effectively meant that facial recognition was not so much a security feature as a vulnerability just waiting to be hacked.

But it seems that the iPhone X facial recognition system is made of sterner stuff and has won the approval of security experts in the process. Face ID – as Apple has called it – uses the company’s TrueDepth camera system. This combines seven sensors and a proprietary machine-learning algorithm. The user’s facial features are stored in a so-called “Secure Enclave” of the phone (just like the fingerprint data) as a set of mathematical details. All processing to verify the would-be user’s face against the stored digital face map of the authorized user is done inside the phone itself. At no stage does any of the data or analysis leave the secure area.

This system cannot be defeated by stolen images because of the Depth feature in TrueDepth. The system can detect distance by using a “Dot Projector” to project 30,000 invisible dots onto the face. These dots are read by the infrared camera and then converted into mathematical data by the algorithm, using a dual-core neural engine inside the A11 Bionic chip. This processing operation is no mean feat and comprises 600 billion operations per second.

When it comes to activating the phone, the process is repeated and the data from the scan is compared to the stored mathematical model. As this data is from an original 3D scan, it would be impossible to fool with a 2D photo. Apple even tested the system by having Hollywood studios create very realistic masks to ensure that even such masks could not fool the system.

The system even has an extra layer of security called “Attention Aware” – meaning that it only works if the user is looking directly at the camera. However, this Attention Aware feature can be turned off. The reason they made it optional is that some people might find it hard to stare at the camera and hold it while the scan is being done. But it is probably wiser to keep the feature switched on, as otherwise someone could gain access to your phone by knocking you out or activating it when you are asleep. Apple uses Attention Aware in other ways too, such as keeping the screen lit when you are looking at it and also lowering the volume of the ringtone and alarm.

However, Apple has added yet another layer of security to FaceID, which can’t be deactivated: a two-strikes-and-out rule. After two failed attempts, you can only unlock the phone with your passcode. This is in contrast to TouchID, which only locks after five attempts. And of course, if you don’t want to use FaceID, you can disable it altogether by pressing the side and volume buttons simultaneously. Then the phone defaults to passcode-regulated access.

What is interesting, and clever, is that while FaceID cannot be fooled by flat pictures of the user, it can make allowance for a change of clothing or even facial appearance. This is one of the powerful advantages of the machine learning algorithm. Thus hats and scarves – or even glasses and beards – can be worn without leading to false negatives. It can also determine if part of the face is being concealed and, if so, whether the visible part belongs to the bona fide user.

In the case of beards, the system allows for changes in the face over time. Hence growing hair or a growing beard will be recognized as the changing appearance of the user instead of throwing false negatives and sending you scrambling for your passcode.

Regarding sunglasses, the infrared penetrates most lenses, if not the frames, and can thus build up a picture to compare to the base image.

The system is equally flexible regarding the viewing angle. Even if you are not holding the phone straight, relative to your face, it can still compare the stored and current scans, without throwing up false negatives, as long as you are looking straight at the phone.

Some have questioned whether facial recognition is any more accurate – or convenient – than a fingerprint-based system. But Apple claims that the chance of a false positive with FaceID is 1 in a million, compared to 1 in 50,000 for fingerprints. However, there is an exception to that in the case of identical twins. Even with the same DNA, identical twins have distinguishable fingerprints – except in extremely rare cases. However, Apple concedes that the risk of a false positive increases if you have a twin hatched from the same egg.

On the other hand, FaceID is limited to one face per device, unlike TouchID which allows for multiple fingerprints – and multiple users – having stored profiles and access to the device.

With such strong security features, it is not surprising that Apple is using FaceID not only to unlock the iPhone but also to authorize Apple Pay payments.

Rumor has it that Apple “trained” this system with more than a billion face images before they considered it secure and robust enough to go live with it.

Now we’ll see how it works in the field.

