I was with you until said Theresa May is the greatest leader...
Apple’s facial recognition: Well, it is more secure for the, er, sleeping user
Security watchers have given Apple’s introduction of facial recognition technology a cautious welcome. The newly unveiled iPhone X smartphone débuts an advanced facial recognition technology, called Face ID, which relies on Apple’s TrueDepth camera system. The technology features seven sensors and machine learning algorithms …
COMMENTS
-
Wednesday 13th September 2017 12:12 GMT Cynical Observer
This timeless gem from Star Trek seems appropriate
"The more they overthink the plumbing, the easier it is to stop up the drain."
-
Wednesday 13th September 2017 12:15 GMT fLaMePrOoF
The lidar technology in many newer cars would be capable of 'stealing' a person's 3 dimensional facial data without even needing close proximity or line of sight. Fingerprints, voice and iris patterns are bad enough but facial data is literally the easiest to compromise...
With the type of high end high resolution lidar being utilised by large companies and governments for 3D area mapping the facial data of large crowds could be captured in minutes or seconds...
And even without lidar it is possible to extrapolate 3D data from multiple images of a person's face, particularly with a dual camera setup.
It seems the only people not vulnerable would be Muslim women, bikers, and teens wearing hoodies...
What might an individual hacker need to compromise this new unlock feature?
1 A lidar scanner (becoming surprisingly common place, and with enough images of the target this might not even be needed)
2 A picture of the target, or preferably 2 or 3 from slightly different angles, to map onto the 3D construct of their face, not difficult at all these days... (and this won't even be necessary if the facial detection is based on geometric data only)
3 A 3D printer
-
-
-
-
Wednesday 13th September 2017 16:25 GMT Tigra 07
How can a number have negative implications? Nein isn't only associated with Hitler to modern Germans is it?
Understandable numbers to avoid in business that I can think of are: 69 and 666. Chrome and Firefox aren't far off reaching versions 69 so we'll see what happens then =P
There's probably a good joke about Internet Explorer 69 and being fucked by malware in here somewhere...
-
-
-
-
Wednesday 13th September 2017 12:50 GMT The Jon
Could you now unlock $celebrity's phone by taking a trip to Madame Tussauds?
Further, I wonder if pointing this persons phone at this artefact would magically unlock it?
-
-
Wednesday 13th September 2017 19:11 GMT John Brown (no body)
Re: Liveness check ? Circa 2013 on Android ...
"I had an Android tablet in 2013 which had Googles face-unlock feature."
As does my compnay issued Galaxy S2, but it's disabled as part of the enforced security policy implemented when connecting up to the company Exchange server. Only a PIN or password is allowed (and mandatory)
-
-
-
-
-
Wednesday 13th September 2017 14:46 GMT Dave 126
Re: What about someone who has facial reconstruction surgery?
Yeah, the phone during the keynote had been either power cycled or left too long - both of which disable biometric unlocking by design.
The passcode is also required from the user for done other operations too, so someone with a facial accident (or an accident with some super glue and a Halloween mask) can still access their phone.
-
-
-
Wednesday 13th September 2017 13:05 GMT Anonymous Coward
Cooperation
When Apple wouldn't try to unlock that iPhone and politicians went on about working with tech companies to get around encryption, is this the solution they came up with together with "the industry" aka Apple?
Some folk in the government security world are smart enough to say "well if breaking the lock won't sit well with consumers, what if we make opening it easier?"
-
Wednesday 13th September 2017 18:55 GMT Anonymous Coward
Re: Cooperation
If the dead terrorist's face was intact it might work to unlock the phone. But they'd have to do it quickly, death causes all sorts of changes in the tissues which would quickly make it no longer a match. They also have to do it quickly enough as Touch ID times out after 48 hours, and have to hope he hadn't disabled it via hitting the sleep/wake button five times or turning off the phone.
It would be a LOT easier for law enforcement to break into a dead person's phone using Touch ID (or using the other inferior facial recognition systems that can be fooled with a photograph) than Face ID. Getting the person's fingerprints (which they leave everywhere) or a picture of them is a lot easier than needing their face intact and lifelike. Perhaps a 3D printed model of the face would work, assuming there were enough photos from different angles.
I saw an article where someone who works with military grade facial recognition gear said that based on all the sensors Apple has they have the hardware sufficient for telling the difference between an actual face and a dead person or perfect 3D printed replica, but the software to do it (basically looking for the right amount of translucence in the skin and areas of greater/lesser blood flow leading to temperature differences) is very complex. He didn't believe they could get that right on day one, but thought it could improve its resistance to fakery over time as they tweak it.
-
-
-
-
-
-
Wednesday 13th September 2017 20:08 GMT Dave 126
Re: Wasps
I actually use a Nexus 5 and whatever PC is best suited to my needs - my use of CAD dictates Windows over Linux or OSX.
CAD has exposed me to some UI conventions that I still can't believe aren't more widely adopted such as Pie Menus. I have an interest in 'pervasive computing' only because I've uses for a 3D scanner.
I'm sanguine about swappable batteries, learnt the hard way that SD cards on phones are a sub optimal experience. I'm dubious that a completely modular phone is useful, but feel that a bottom edge-mounted USB port is not ideal for expanding a phones capabilities for a whole range of niche devices.
-
-
-
-
Wednesday 13th September 2017 14:55 GMT Lee D
Re: Wasps
Emergency calls are another matter entirely. If *ANYTHING* technologically gets in their way, Apple have not just failed but broken the law too, most likely.
More likely: Someone broke my nose last night and now I can't call my parents. Put on your makeup and it doesn't recognise you any more. Train it to the makeup face and it doesn't recognise the un-made-up one. Change your hairstyle and it won't let you in, etc. etc. Drag queens are really going to have a hard time, or start carrying two iPhones...
Though it should have a passcode, we've basically gone back to the lock screen being as secure as a passcode. Maybe slight convenience added, but if that's at the cost of ANY security whatsoever, then it's downhill.
-