Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Apple iPhone X swaps Touch ID for ‘Face ID’ facial recognition unlock

Apple is swapping fingerprint verification for face recognition software in the newly revealed iPhone X, a move the company said makes the phone more secure.

The deleted the home button and Touch ID have been replaced by a slim bar of cameras and facial recognition sensors at the top of the device which will scan a user's face when the device is lifted creating what it claims is a more secure method of unlocking a user's phone, Apple executives said at the September 12 event at the Apple Park in Cupertino, Calf.

While Apple said one in 50,000 people are able to unlock an iPhone by having a similar fingerprint the firm claimed only one in a million will have a face similar enough to trick the new system. The feature can also be paired with a six-digit lock code in case for added security or those with a nosy identical twin and requires an “active user” to ensure a sleeping person or inadvertent glance doesn't unlock the device.

Apple says the feature will work regardless of hairstyles, glasses, hats and even through gradual facial changes such as with facial hair in light and dark environments. The new iOS 11 which comes standard with the devices also includes additional security features to prevent law enforcement from accessing user data without the six-digit code. The update also includes a feature called S.O.S. mode which will launch a new lock screen with options to make an emergency call or offer up the owner's emergency medical information after a user taps the phone's home button five times.

Although details on how the software will work aren't fully known, all the evidence suggests the update should be considered a simplified form of authentication, Positive Technologies Cyber Security Resilience Officer Leigh-Anne Galloway told SC Media. 

"Fingerprint scanning, facial recognition, Bluetooth, geolocation and even a short PIN are all ways to simplify access not only for yourself, but also for a potential attacker," Galloway said. "Even if the new Apple algorithm for facial recognition cannot be fooled by photography, vertical self-videos can easily be found in the public domain - for example, on Instagram - and could be used to crack the device."

Galloway added the new feature has a clear advantage over the as a replacement for fingerprint authentication, since it is unlikely to be able to unlock the phone when the owner is asleep.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.