Apple fans today will start to receive the first shipments of the iPhone X, which features Face ID, the most controversial iPhone security feature to debut in years. The facial-recognition technology raises serious questions about privacy. It also calls into question whether biometric authentication is being used safely. But experts are saying it’s a step in the right direction.
Face ID, available only on the iPhone X, replaces Apple’s fingerprint-scanning Touch ID authentication system, which debuted in 2013 on the iPhone 5S, with a camera scanner that converts the user’s face into a biometric log-in. The unique physiology of the user’s face, which the system maps to the user’s passcode, can unlock the phone.
Biometrics pioneer Dr. Joseph Atick predicts that Apple’s implementation of facial recognition and security protocols to protect the face-based biometric will enhance user security.
“Will the level of security provided by the biometric be commensurate or better than just the [passcode]? The answer is a resounding yes,” Atick told The Parallax. He points out that Apple keeps the biometric data in a hard-to-hack hardware chip on the iPhone called the Secure Enclave, as other iPhones do with the Touch ID data, and that the biometric data doesn’t leave the phone.
READ MORE ON BIOMETRICS
Special Report: The state of facial recognition
What are the risks of biometric identification?
Passwords, hackable yet accessible, are poised to stay popular
DNA for sale: Who owns your genes?
A biometrics pioneer’s plea for safeguards, privacy education (Q&A)
People use passcodes or passwords that are “easy to guess, or that they don’t change over time. From a safety point of view, there’s no doubt” that Face ID will make users safer, Atick says, because the biometric information “doesn’t leave the phone.”
Apple, which did not respond to requests for comment, explains how the facial recognition technology works in its Face ID FAQ. The proprietary TrueDepth camera built into the phone shoots an infrared photo of the user’s face, then applies more than 30,000 dots to create a face depth map. The system then uses inputs from the phone’s regular camera, flood illuminator, and proximity and ambient-light sensors to create a 3D map of the user’s face.
A person’s biometric information—a facial scan, a fingerprint, or even a heartbeat—can essentially replace the traditional username and password or passcode. And many leading technology companies beyond Apple, from Google to Samsung to Toshiba, have been experimenting with biometric authentication for a decade, even as security experts caution that biometrics’ strengths will also present challenges.
Besides using plastic surgery to change the look of a person’s face, it’s almost impossible to otherwise change biometric data derived from a person’s physiology. And although that may not be a concern now, it could become a security risk at some point—the same way that Social Security numbers have become an easily hacked way to authenticate identity.
“A Social Security number uniquely identifies a person, and biometrics are a unique identifier. When we conflate the two, it puts us in a bad place,” says Dustin Kirkland, vice president of product development at Canonical, which makes the Linux-based operating system Ubuntu. A blog post he wrote just after the launch of the iPhone 5S and Touch ID on the problems with using biometrics for authentication has received more than 3 million views, he says.
“We shouldn’t treat biometrics like a panacea.”—Al Pascual, senior vice president and head of fraud and security, Javelin Strategy and Research
One study predicts that smartphones with fingerprint readers are expected to make up 67 percent of the smartphones in use next year, up from 19 percent in 2014. A Gigya study in 2016 found that 52 percent of 4,000 consumers surveyed in the United States and United Kingdom in 2016 want to use biometric readers over traditional username-password combinations.
With the iPhone X and its Face ID reaching consumers just today, there’s no evidence yet of it getting hacked. But other biometric-authentication technologies have, says Justin Fier, the director of Cyber Intelligence and Analysis at British cybersecurity company Darktrace, including Touch ID within its first 48 hours on the market.
“A lot of secure facilities across the U.S. won’t allow biometrics because it’s been proven that they can be breached,” Fier says. “Biometrics are a great tool, when paired with two-factor authentication,” which uses two pieces of information to prove the user’s identity. “But as a single-factor authentication, I wouldn’t trust it on its own.”
Biometrics are “tragically flawed,” says Kirkland. “Biometrics are not secret, and they can’t be changed over time. They make great identifiers, but it does not work as the second factor of authentication.” A user’s face, fingerprints, and even DNA “are necessarily publicly shared pieces of your identity,” he says, “even after [being] compromised.”
It’s also possible, at least in the United States, for law enforcement agencies to force suspects to unlock devices protected by biometric authentication. Fingerprints and facial scans are legally considered obtainable physical property; knowledge of a passcode isn’t. And theft of biometric data is hardly theoretical, as proven by the 2015 hack of the U.S. government’s Office of Personnel Management.
That doesn’t mean that all implementations of biometrics for authentication are bad, or even must to be used. In most cases, as with the iPhone X, users can bypass or disable the biometric login and use just a passcode. At least for Apple, though, the relationship appears to be symbiotic. Apple said at its developer’s conference in 2016 that passcode usage actually jumped from 49 percent of all users to 89 percent of all users in the years following the introduction of Touch ID.
Atkins argues that biometrics are not inherently unsafe. “There are unsafe behaviors,” he says, such as not protecting the biometrics template that helps convert a face into computer code, or not protecting the resulting code with a hard-to-decrypt hash. “That’s not the implementation that the Apple Pay or any of the payments use,” he says.
“We shouldn’t treat biometrics like a panacea,” says Al Pascual, senior vice president and head of fraud and security at financial-consulting company Javelin Strategy and Research.
“Like any other authentication, it can be spoofed,” he says. “The important point with biometrics is that right now, it’s more difficult for criminals to compromise. So if you don’t have a viable alternative, I personally view that as scaremongering nonsense. At least with biometrics, the bar is higher to misuse it. Even when you control for all the business concerns, biometrics are safer.”