Ap­ple’s Cau­tious Use of Face ID

Face ID may in­deed be more ac­cu­rate than Touch ID, but Ap­ple isn’t will­ing to say it’s per­fect. Like many bio­met­ric tech­nolo­gies, it can suf­fer an “evil twin” at­tack.

ISO & Agent - - SECURITY BIOMETRICS - BY DANIEL WOLFE

Ap­ple’s up­com­ing iphone X will ditch its fin­ger­print sen­sor in fa­vor of a mul­ti­cam­era sys­tem, but it still ex­pects some users to opt for a PIN code. In elim­i­nat­ing the fin­ger­print sen­sor to ac­com­mo­date an edge-to- edge dis­play, Ap­ple had to re­design a lot of the ways its smart­phone han­dles com­mon in­ter­ac­tions, es­pe­cially pay­ments. And while the com­pany touted the strength of its new Face ID sys­tem, it came with a few words of cau­tion.

“If you hap­pen to have an evil twin, you re­ally need to pro­tect your sen­si­tive data with a pass­code,” warned Phil Schiller, Ap­ple’s se­nior vice pres­i­dent of world­wide mar­ket­ing, in a pre­sen­ta­tion an­nounc­ing the com­pany’s new­est smart­phones.

When picked up by a stranger, that stranger has a one in a mil­lion chance of be­ing able to trick the cam­era — a huge im­prove­ment from the one in 50,000 chance with Touch ID, which Schiller de­scribed as the “gold standard” of bio­met­ric au­then­ti­ca­tion. The odds get lower when peo­ple such as fam­ily mem­bers share traits with the phone’s owner, but it has pro­tec­tions against be­ing un­locked by a sleep­ing user’s face or a photo of the user.

“Face ID also works with Ap­ple Pay,” Schiller said. “You look at iphone X to au­then­ti­cate and hold it near the pay­ment ter­mi­nal to pay.”

Third-party fi­nan­cial and se­cu­rity apps like Mint, 1Pass­word and E-trade also sup­port Face ID au­then­ti­ca­tion, Schiller said. The iphone 8, an­nounced along­side the iphone X, still uses Touch ID in­stead of Face ID.

De­spite Ap­ple’s ad­vances, the com­pany has never felt con­fi­dent enough to to­tally re­move PIN au­then­ti­ca­tion. When Touch ID launched, Ap­ple even saw fit to strengthen its PIN se­cu­rity, re­quir­ing a six- digit PIN in­stead of the four- digit PIN it sup­ported on pre­vi­ous iphones. That change made it far less likely for a stranger to guess the user’s PIN — one in a mil­lion com­pared to one in 10,000, Ap­ple said at the time.

Schiller’s warn­ing is likely in re­sponse to pub­lic­ity sur­round­ing at­tempts to de­feat bio­met­ric au­then­ti­ca­tion. In May, a BBC re­porter and his non-iden­ti­cal twin brother were able to fool HSBC’S voice bio­met­rics phone bank­ing sys­tem. Such ef­forts are wor­ry­ing for com­pa­nies that want to ad­vance bio­met­ric au­then­ti­ca­tion, even if they are un­likely to ap­ply to most con­sumers.

Ap­ple isn’t the first to sup­port fa­cial bio­met­rics for smart­phone au­then­ti­ca­tion and pay­ments. Sam­sung in­tro­duced a sim­i­lar fea­ture in its ill-fated Note 7 smart­phone last year, which had an iris scan­ner built in. The fea­ture sur­vived into its Note 8 de­vice.

Phil Schiller, SVP of world­wide mar­ket­ing at Ap­ple, ex­plains the iphone X’s fa­cial recog­ni­tion sys­tem dur­ing a pre­sen­ta­tion on Tues­day, Sept. 12.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.