Apple is using machine learning for Face ID. Is that a good thing?
Source – venturebeat.com
The future of all biometrics will involve artificial intelligence. That statement might seem strange. After all, biometrics is a security issue, one that often involves complex algorithms, randomly generated passcodes, and multiple authentication steps.
But in the future, data security will rely on AI and machine learning to analyze data and determine whether someone is trying to gain access illegally.
Case in point: Apple’s new Face ID technology, which will debut on the iPhone X. The device will project up to 30,000 dots on your face to create a 3D map. The data will be processed using a new A11 Bionic chip and, on a new neural engine located on the phone — importantly, not in the cloud — analyzed using machine learning. According to Apple, you can put on a pair of glasses, but the machine learning will be able to determine that it is, in fact, your face. The same AI might also scan a photograph a hacker is holding up to the phone, or even a 3D-printed mask, and compare the results to the data collected from your actual face.
Using this kind of AI for data security isn’t a temporary approach — it’s going to be a major requirement to combat the onslaught of users who are determined to compromise corporate networks. AI will analyze phishing attacks, fend off social engineering ploys, and even fight bot networks that are using ever-more-intricate methods to break into secure environments.
As a side bonus, Face ID is also simple to use: You just look at the phone. There’s no need to press your finger on a Touch ID sensor, no reason to type in a passcode. While a Face ID demo this week during an Apple event announcing the phone appeared to fail, some experts have said it worked as expected because too many people that morning looked at the phone.
That said, you might wonder: Is Face ID the best way to protect an iPhone?
Mike Fumai, the president and COO at security company AppGuard, tells VentureBeat the technology is highly secure. One of the main reasons has to do with the architecture. Face ID does not run in the cloud, and the extra processing power from the neural engine, he says, means Apple was not tempted to make the machine learning less complex as a way to boost performance on the device. He also explained that a fingerprint scan is a 2D render, but a facial scan in 3D includes many additional data points and is more secure.
“Apple is at version 1.0 so it must be easy and consistent in a vast and diverse end-user population,” he says. “[After this], imagine what facial gestures they might include in 2.0 that provide a more complex and dynamic biometric authentication.”
Fumai says the neural engine will only help improve security with each new release.
That said, there are concerns.
Stephen Maloney, the EVP of business development and strategy at security firm Acuant, says the facial recognition is a step in the right direction, but there are some interesting workarounds. Maloney says the biggest concern is that iPhone users will rely on Face ID as a single form of authentication because it’s so easy — just look at the phone and you’re authenticated. With Touch ID, some users decided to use the fingerprint reader, but then also added a passcode.
Maloney also explained that Face ID lacks what he calls active intent. With two-factor authentication, the user has to intentionally scan a finger and type a code — the user has to participate in the authentication. With Face ID, it’s possible a teenager could break into their parent’s phone by scanning Mom or Dad’s face while they’re not paying attention. (Apple states the machine learning knows if you are looking directly at the phone and it won’t work if your eyes are closed.)
The iPhone 7 has a useful security feature: You can press the Home button five times to activate your login. It’s not clear whether the iPhone X will support this feature, but it’s unlikely because, for starters, it doesn’t have a physical Home button. Plus, Face ID is meant to be fluid and easy, so you can authenticate and make purchases quickly, without any other steps. (Fumai says the iPhone X will likely still support this feature or offer some other method to re-activate security.)
Nathan Wenzler, the chief security strategist at AsTech Consulting, says the most important milestone here is the neural engine. It is a sign of things to come, he says, because it means security can become more stable, streamlined, and easy for any user. The power and functionality of the Face ID security runs on the phone itself; the user doesn’t have to remember a complex password, and he or she doesn’t have to scan a finger or an eye.
The reality? On paper, Face ID and its machine learning algorithms look promising. Every expert noted that there is no way to know if the iPhone X is highly secure until everyone — including the hackers and the security professionals — get their hands on the device.