Facial Recognition Works on iPhone X. Sometimes.

The iPhone X might be the future of Apple’s smartphone design, but its lauded Face ID facial recognition system has an issue with people under 13: it’s much more difficult to tell them apart.

In a security guide which was published Wednesday 27th September, Apple recommends that children under the age of 13 do not use Face ID due to the probability of a false match being significantly higher for young children. The company said this was because “their distinct facial features may not have fully developed”.

While few young children are likely to be given a £999 iPhone, false matches are also more likely for twins and siblings. In all those situations, the company recommends concerned users disable Face ID and use a passcode instead.

For most users, those over 13 without “evil twins”, as Apple’s head of iOS Craig Federighi describes them, the bigger concern is deliberate attacks. Touch ID, Apple’s fingerprint sensor, was famously bypassed just two days after it was launched in the iPhone 5S, using a fake fingerprint placed over a real finger.

With Face ID, Apple has implemented a secondary system that exclusively looks out for attempts to fool the technology. Both the authentication and spoofing defence are based on machine learning, but while the former is trained to identify individuals from their faces, the latter is used to look for telltale signs of cheating.

“An additional neural network that’s trained to spot and resist spoofing defends against attempts to unlock your phone with photos or masks,” the company says. If a completely perfect mask is made, which fools the identification neural network, the defensive system will still notice – just like a human.

Apple is also confident that it won’t fall prey to issues of algorithmic bias that have plagued many attempts to use neural networks at scale. High-profile examples of such failures include the photo-labelling system that ltagged black people as gorillas, or the word-association model which states that men are computer programmers and women are homemakers.

Whenever its initial training exposed a demographic shortcoming, Apple says, it “augmented the studies as needed to provide a high degree of accuracy for a diverse range of users”. Time, and millions of people around the world using the technology, will tell whether the effort worked, but the company sounds confident.

One area the system will struggle with, however, is facial coverings. Apple says that “Face ID is designed to work with hats, scarves, glasses, contact lenses and many sunglasses,” but ultimately two things dictate whether or not it has a chance of success.

The first is whether the coverings are transparent to infrared light, and the second whether the system can see the eyes, nose and mouth. While some fabrics are more transparent to, infrared than they may seem, that means iPhone users who cover their faces may be forced to rely on a passcode when out and about.

Separately, Apple has also confirmed that the depth-sensing technology included in the iPhone X is not allowed to be used by developers to create their own facial biometrics, a possibility which had concerned many privacy activists.

The depth sensor data is not directly available to developers, but the camera API now allows them to receive a pixel-by-pixel measure of how far features in an image are from the lens, a system intended to be used to enable image manipulation such as Apple’s own portrait mode.

That could theoretically be used to build a standalone authentication feature, albeit one that is less precise than Apple’s own, but the company has updated its App Store policies to prevent developers from attempting to do so.

“You may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from depth and/or facial mapping tools,” the company’s developer guidelines now state.

Guardian:

You Might Also Read: 

Apple's Driverless Cars:

Chinese Criminals Are Selling Your Apple Data:

« Postmortem: WannaCry Ransomware Explained
A New Approach To Combat Phishing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Planit Testing

Planit Testing

Planit is a leader in Quality Assurance and a specialist in software testing and training services.

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer SIT is a research centre specialising in all areas of IT security.

Westminster eForum

Westminster eForum

Wesrtminster eForum runs a series of conferences on matters relating to the UKs Digital Strategy. Topics include Smart Cities and Cyber Security.

SQNetworks

SQNetworks

SQNetworks provides a full range of cybersecurity consultancy, services and solutions.

Netmarks Indonesia (NMID)

Netmarks Indonesia (NMID)

Netmarks Indonesia is an IT solutions provider offering services related to ICT infrastructure, digital transformation and cyber security.

Level Effect

Level Effect

Level Effect is developing new capabilities to bring a unique perspective on proactive network defense and advanced security analytics.

Dutch Innovation Park

Dutch Innovation Park

Dutch Innovation Park in Zoetermeer is a breeding ground for applied IT solutions in the field of cyber security, e-health, smart mobility and big data.

CHEQ

CHEQ

CHEQ provides fully autonomous, preemptive technology for brand safety and ad-fraud prevention.

MainNerve

MainNerve

MainNerve helps secure networks, applications, people, and facilities… enabling businesses to reduce risk and increase their cybersecurity posture.

Senteon

Senteon

Senteon is a turnkey cybersecurity platform designed to make securing confidential data affordable, understandable, and streamlined for small-to-mid sized businesses and MSPs.

Evanssion

Evanssion

Evanssion is a value added distributor specialized in Cloud Native & Cyber Security across Middle East & Africa.

Open Source Security Foundation (OpenSSF)

Open Source Security Foundation (OpenSSF)

OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

Gulf Business Machines (GBM)

Gulf Business Machines (GBM)

GBM is a leading end-to-end digital solutions provider, offering the broadest portfolio, including industry-leading digital infrastructure, digital business solutions, security and services.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

Moonsense

Moonsense

Moonsense is on a mission to level the playing field in the fight against online fraud.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.