Rick Klepper: 678.588.1622 | Doug Wilson: 205.903.3272 | Kerry Gossett: 205.281.5681 | Doug Hughes: 205.527.0876 staff@counterthreatgrp.com

This week will see the release of the impressive iPhone X, Apple’s most sophisticated and sleek iPhone by far. The device boasts an impressive OLED screen, an all-screen display, and wireless charging, yet the phone is roughly the same size as the iPhone 7. The device also utilizes facial recognition technology called Face ID which allows users to unlock their device with a simple glance. Unfortunately, as facial recognition in the smartphone arena is still fresh territory, it is unclear just how secure this method of accessing personal devices really is. Moreover, facial recognition will likely pave the way for a greater loss in personal privacy. That being said, the future is not all bleak for smartphone users, and with proper security measures in place, the iPhone X could be a tech lover’s dream.

iPhone X Capabilities

The iPhone X eclipses the capabilities of all iPhones before it. The camera is better, the screen is larger, and the device utilizes “The world’s most advanced mobile operating system,” according to Apple. The Face ID, specifically, is a ridiculously convenient feature as users no longer need to touch the home button to activate Touch ID or enter a passcode. Unlocking the phone really is as simple as looking at it. Upon purchase of the device, the user will enroll their face, i.e. the device’s TrueDepth camera “projects and reads over 30,000 infrared dots to form a depth map of the face, along with a 2D infrared image,” as stated in Apple’s Face ID security guide. From that point on, the device will intelligently recognize the user’s face, even accounting for changes in appearance including when they wear glasses, grow a beard, or as they age. Face ID can be used for other things as well such as approving purchases with Apple Pay or use in third-party apps. Needless to say, Apple enthusiasts have a lot to be excited about with the iPhone X.

Potential iPhone X Vulnerabilities

While the iPhone X seems to be a technological gem when it comes to convenience, there are many questions surrounding the actual security of the Face ID feature. For example, although Apple has assured customers that the probability of a random person successfully gaining access to a locked phone using Face ID is one in a million, the potential exists nonetheless, and is even more likely among siblings, particularly twins. Apple also cites the additional layer of security that Face ID provides by gathering a 3D mathematical representation of the user’s face. Yet in the past, multiple facial recognition software have been fooled by masks and pictures of a user’s face. Apple claims the complex 3D image taken by Face ID will withstand such tests, although we will not know for sure until the phone is released, and tech gurus and hackers alike have a chance to truly test the security of the feature. The idea of 3D printing a person’s head to crack Face ID is also a proposed vulnerability, although this would take a large amount of effort on the criminal’s part. Another highlighted security feature of Face ID is that it only works when the user is looking directly at the device, meaning it cannot be unlocked without the user’s clear intent. This could prevent criminals from simply holding the phone near the user’s face to gain access. However, some still argue that a criminal or even law enforcement personnel could easily force a user to look at their locked phone as opposed to forcing them to give up their passcode. In other words, a user’s face, out in plain sight, may prove easier and quicker to coercively obtain compared to a passcode that the user may refuse to give up or forget while under pressure. For this type of situation, Apple has installed a duress feature which disables Face ID when a volume button and side button are pressed simultaneously for 2 seconds. Although Apple has installed safeguards for the most likely security scenarios, the technology giant cannot account for the general availability of the human face. For the most part, we walk around all day everyday with our faces out in the open for everyone to see. Its how we communicate with each other. Most Americans also display their face prolifically across multiple social media platforms, so that even if a person never sees you face to face, they can still easily access pictures of your face. It is virtually impossible to keep your face a secret these days. Last year, researchers from the University of North Carolina conducted an experiment in which they were able to crack four out of five facial recognition systems using just Facebook photos. Again, although less likely to occur with Apple’s complex 3D Face ID model, it would be naïve to say criminals will not catch up to this technology. And if they do, there is virtually nothing a person can do to protect themselves because people do not have the luxury of changing their face like they would with a password.

Larger Concerns  

Aside from general security risks, there are larger concerns to consider with the utilization of Face ID. For instance, the prolific use of biometrics, notably facial recognition, means that more and more incredibly specific and personal information will be used throughout our daily lives. Private businesses and government entities will increasingly store our unique physical information in databases as opposed to arbitrary passwords that do not identify us on an extremely personal level. Additionally, in “Apple’s iPhone X proves it: Silicon Valley is getting emotional,” Mike Elgan raises the issue that Face ID stands to put even more of our personal information out in the open. More specifically, he points out that Apple’s Animoji app is designed to mimic the user’s expressions to produce a playful avatar of the person. But this technology could lead to a trend a little more sinister, i.e. emotion analysis. Elgan emphasizes that social media centers around emotions as users are encouraged in a plethora of different ways to describe how they feel about a picture, article, or just their overall mood. Advertising agencies are also constantly trying to gauge how customers feel about certain products in order to sell more of those products to people. Elgan posits that if products like Face ID could read every nuance of the human face, especially when combined with AI, these companies may learn to understand how we feel about the world around us better than we know ourselves. For example, say you see something on TV that subconsciously bothers you but does not necessarily register enough for you to consciously think about it. This technology will detect the slight reactions on your face that you do not even realize you are displaying. Such technology will also be able to detect how you feel each day, growing one step closer to penetrating your private thoughts. For some, this signifies another great leap towards the elimination of personal privacy, but for many others, the compromise of security and privacy is worth the benefit of convenience.

iPhone X Security Recommendations

If you are one of the folks who values convenience and is excited about the sheer impressiveness of the iPhone X, there are several things you can do to bolster security on the device. Firstly, sticking with a passcode as opposed to Face ID for more sensitive transactions such as using Apple Pay is a more secure way to protect critical information. Users can also outright disable Face ID on certain applications, an option that would easily ensure that appropriate security steps are taken when dealing with sensitive information. As mentioned, the device comes with a duress feature which users should familiarize themselves with to prepare for a potential theft. iPhone X owners will also be able to take comfort in the fact that their specific facial algorithm is only stored on their device on what Apple calls the Security Enclave, unless they send their information to Apple for diagnostics. But even this option should be used sparingly. Additionally, users should ensure that two-factor authentication is enabled and avoid the temptation to disable it. Two-factor authentication is an effective additional layer of security that ensures unauthorized access does not occur even if someone acquires your password. Lastly, the iPhone X should be updated as soon as software updates become available, as this will help to protect against exploits once vulnerabilities are discovered. Ultimately, if iPhone X users take proper precautionary measures, convenience and security do not necessarily have to be at odds.