Doug Lhotka

Technical Storyteller

  • Home
  • Cybersecurity
  • State of Security
  • Photography
  • 3D Modeling & Printing
  • About

Opinions and commentary are mine, and do not reflect those of my employer.

(C) Copyright 2019-2020
Doug Lhotka

3D Facial Authentication on iPhone 8?

February 23, 2017 By Doug

(c) Depositphotos / @ adogslifephoto

MacRumors has an interesting article on the iPhone8 with a rumor that it’ll forgo the fingerprint reader in favor of a 3D facial scanner.  It’s an interesting idea that could be very convenient, but would it be secure?

The obvious first question is, can it be spoofed?  It’s relatively straightforward to capture a 3d model of someones face, including visual coloration.  That can then be split into a texture, which is unwrapped digitally, printed and transferred to a flexible skin.  The 3D model can be printed on a consumer 3D printer, and the recombined with the printed skin to form a reasonably accurate 3d model of someone’s head.

Will it be good enough to spoof the sensor?  If it includes IR sensors that look for non-uniform thermal images, it’d be more reliable, but if it’s just an image and morphology recognition, it should be possible.  A lot will depend on the tolerance built in, and most facial recognition systems have a crossover problem.

Assuming Apple releases a phone that has this, and allows charging and headphones at the same time, without looking like (homage to Bruce here) a bleached squid is dangling from my shirt, I’ll give it a try and let you know.

Next we have the issue of compelled unlocking.  This is a murky area of law, and we don’t have clear direction.  Forcing someone to type in a password is probably not going to survive.  Requiring someone to press a finger to a sensor is currently winding it’s way through the courts, and that outcome is definitely in the grey area.

I suspect that requiring someone to hold still while a phone is held up in front of their face is likey to be permitted.

Last, these systems have real challenges with false positives and negatives – they range from nearly a joke (hold up a picture), to annoying (high failure rate).

Apple’s managed to do some interesting things with usable user-friendly security, so if anyone can get the tradeoffs right, it’s probably them.  I just hope it’s not the sole option on a flagship product.

 

Filed Under: Security

Cybersecurity

Photography

3D Modeling & Printing

Recent Posts

  • Grand Canyon HDR
  • Grand Canyon First View
  • Grand (foggy) Prismatic Spring
  • Sunny Day at Grotto Geyser
  • Sapphire Pool