FACE ID: another re­minder of the para­dox of se­cu­rity

Be­cause con­ve­nience and safety don’t go to­gether.

HWM (Malaysia) - - GEAR - By Mar­cus Wong

Per­haps one of the big­gest changes Ap­ple made with the iPhone X was the in­tro­duc­tion of Face ID. In­stead of scan­ning a fin­ger­print (or two), now you use your en­tire face to gain ac­cess, as the new TrueDepth cam­era on the iPhone X will “project and an­a­lyze more than 30,000 in­vis­i­ble dots to cre­ate a pre­cise depth map of your face,” which is then used to cre­ate a se­ries of 2D images and depth maps that are safely stored in what Ap­ple calls the Se­cure En­clave on your phone.

As with Touch ID, you can also set up Face ID to ap­prove pur­chases or un­lock en­crypted data on the iPhone X with ‘just a glance’. It’s meant to be faster and more se­cure than Touch ID, but it’s also ar­guably more in­con­ve­nient. Af­ter all, hav­ing to raise the phone the rec­om­mended 25 to 50cm in front of you to un­lock it means in­con­spic­u­ously un­lock­ing the iPhone, un­der the ta­ble dur­ing a con­ver­sa­tion for ex­am­ple, is no longer pos­si­ble.

This reliance on op­ti­cal-based recog­ni­tion is prob­a­bly why some users have re­ported is­sues get­ting proper recog­ni­tion un­der ex­tremely bright sun­light. Fa­mil­ial sim­i­lar­i­ties have also proven dif­fi­cult for the sys­tem to dis­tin­guish, as mother-son pairs and twins have fooled the sys­tem. Ev­i­dently, the sys­tem isn’t as per­fect as Ap­ple would like us to be­lieve.

Ex­perts are also di­vided on the im­pli­ca­tions of a sub­set of this Face ID data be­ing made avail­able to de­vel­op­ers. Some be­lieve that Ap­ple will even­tu­ally re­lease cer­tain amounts of Face ID data to de­vel­op­ers to al­low them to in­cor­po­rate the fea­ture into their apps, and are wor­ried about how much se­cu­rity these de­vel­op­ers can pro­vide once the data is on their own servers. Oth­ers worry about how well Ap­ple can ac­tu­ally po­lice the le­gion of de­vel­op­ers they now have glob­ally.

But this isn’t new. Fin­ger­print scan­ners on phones have been rou­tinely hacked since launch, and even Sam­sung’s Iris Scan­ner on the Galaxy S8 was also hacked in due time. Ba­si­cally, the end­less cat-and-mouse game be­tween se­cu­rity ex­perts and their foils will con­tinue re­gard­less of what ‘se­cure’ tech­nol­ogy comes out next.

Mo­bile phone mak­ers will con­tinue to push new se­cure fea­tures for their phones be­cause they want to con­vince you to buy them. Yet, how se­cure can a de­vice be when it’s be­ing trans­ported around to as many phys­i­cal lo­ca­tions, and ex­posed to as many pub­lic and pri­vate net­works on a daily ba­sis, as our phones are?

The very na­ture of se­cu­rity means that ac­cess is not meant to be easy. If you truly want to keep any data se­cure, you’d be bet­ter off stor­ing it some­where else. Off­line, en­crypted, and un­der lock and key prefer­ably. Your mo­bile phone isn’t the most se­cure de­vice in the world, and it’s not meant to be. There’s just no con­ve­nience when it comes to se­cu­rity.

Newspapers in English

Newspapers from Malaysia

© PressReader. All rights reserved.