Facial Recognition Works on iPhone X. Sometimes.

The iPhone X might be the future of Apple’s smartphone design, but its lauded Face ID facial recognition system has an issue with people under 13: it’s much more difficult to tell them apart.

In a security guide which was published Wednesday 27th September, Apple recommends that children under the age of 13 do not use Face ID due to the probability of a false match being significantly higher for young children. The company said this was because “their distinct facial features may not have fully developed”.

While few young children are likely to be given a £999 iPhone, false matches are also more likely for twins and siblings. In all those situations, the company recommends concerned users disable Face ID and use a passcode instead.

For most users, those over 13 without “evil twins”, as Apple’s head of iOS Craig Federighi describes them, the bigger concern is deliberate attacks. Touch ID, Apple’s fingerprint sensor, was famously bypassed just two days after it was launched in the iPhone 5S, using a fake fingerprint placed over a real finger.

With Face ID, Apple has implemented a secondary system that exclusively looks out for attempts to fool the technology. Both the authentication and spoofing defence are based on machine learning, but while the former is trained to identify individuals from their faces, the latter is used to look for telltale signs of cheating.

“An additional neural network that’s trained to spot and resist spoofing defends against attempts to unlock your phone with photos or masks,” the company says. If a completely perfect mask is made, which fools the identification neural network, the defensive system will still notice – just like a human.

Apple is also confident that it won’t fall prey to issues of algorithmic bias that have plagued many attempts to use neural networks at scale. High-profile examples of such failures include the photo-labelling system that ltagged black people as gorillas, or the word-association model which states that men are computer programmers and women are homemakers.

Whenever its initial training exposed a demographic shortcoming, Apple says, it “augmented the studies as needed to provide a high degree of accuracy for a diverse range of users”. Time, and millions of people around the world using the technology, will tell whether the effort worked, but the company sounds confident.

One area the system will struggle with, however, is facial coverings. Apple says that “Face ID is designed to work with hats, scarves, glasses, contact lenses and many sunglasses,” but ultimately two things dictate whether or not it has a chance of success.

The first is whether the coverings are transparent to infrared light, and the second whether the system can see the eyes, nose and mouth. While some fabrics are more transparent to, infrared than they may seem, that means iPhone users who cover their faces may be forced to rely on a passcode when out and about.

Separately, Apple has also confirmed that the depth-sensing technology included in the iPhone X is not allowed to be used by developers to create their own facial biometrics, a possibility which had concerned many privacy activists.

The depth sensor data is not directly available to developers, but the camera API now allows them to receive a pixel-by-pixel measure of how far features in an image are from the lens, a system intended to be used to enable image manipulation such as Apple’s own portrait mode.

That could theoretically be used to build a standalone authentication feature, albeit one that is less precise than Apple’s own, but the company has updated its App Store policies to prevent developers from attempting to do so.

“You may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from depth and/or facial mapping tools,” the company’s developer guidelines now state.

Guardian:

You Might Also Read: 

Apple's Driverless Cars:

Chinese Criminals Are Selling Your Apple Data:

« Postmortem: WannaCry Ransomware Explained
A New Approach To Combat Phishing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

King & Spalding

King & Spalding

King & Spalding is an international law firm with offices in the United States, Europe and the Middle East. Practice areas include Data, Privacy & Security.

Synopsys

Synopsys

Synopsys delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation.

Infiltrate

Infiltrate

INFILTRATE is a deep technical conference that focuses entirely on offensive security issues.

Norton Rose Fulbright

Norton Rose Fulbright

Norton Rose Fulbright is a global business law firm. Practice areas include Data protection, Privacy and Cybersecurity.

Center for Strategic Cyberspace & International Studies (CSCIS)

Center for Strategic Cyberspace & International Studies (CSCIS)

CSCIS seeks to advance global cyberspace security and prosperity by providing strategic insights for cyberspace and policy solutions to decision makers.

NovaTech Automation

NovaTech Automation

NovaTech products and services make the world’s power grids and essential process industries more reliable, efficient, sustainable and secure.

Squalio

Squalio

Squalio is an information technology group that delivers solutions and services for secure and effective IT management.

Verafin

Verafin

Verafin is one of the North American leaders in fraud detection and AML software.

Glilot Capital Partners

Glilot Capital Partners

Glilot Capital Partners is an Israeli seed and early-stage VC. We specialize in businesses which disrupt enterprise technology, mainly in the fields of AI, big data and cybersecurity.

Swiss Cyber Forum (SCF)

Swiss Cyber Forum (SCF)

The Swiss Cyber Forum (SCF) builds competences and helps its members to mitigate the cyber risks associated with digitalisation.

Panther Labs

Panther Labs

Panther’s mission is to make security monitoring fast, flexible and scalable for all security teams.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

GoPro Consultants

GoPro Consultants

GoPro Consultants is an IT Consultancy and IT Managed services provider Globally with immeasurable expertise of IT professionals in Hardware/Support & Consultancy and Project Planning.

Kralos

Kralos

Kralos are an experienced team of Software and IT experts, specialized in the development of innovative cybersecurity solutions.

WBM Technologies

WBM Technologies

WBM Technologies is a Western Canadian leader in the provision of outcomes-driven information technology solutions.

Keyrus

Keyrus

Keyrus is a global consultancy that develops data and digital solutions for performance management.