To iPhone X . . . Or Not
Like so many iPhone users, the Face ID function on the iPhone X makes most of us at Safertech kind of uneasy. We don’t love the idea of iPhone taking a picture of our face, analyzing it with such apple technological perfection that just by looking at the front of the phone, our face could be used to turn on the phone. Ugh, it just feels waaay too personal and intimate.
But for many, the allure of the NEW is just too hard to pass up.
Taylor from our office is one of the many. He’s got the X. After clutching it for about a month, he’s given us his X experience and addresses the cyber security questions. This is pretty cool: He discovered that our Creep Blockers solve the camera hack predicament with sleekness, style and keeps the Face ID function working.
Taylor, In Praise of the iPhone X:
I hate to admit it, but whenever a new iPhone comes out – regardless of the state of my current device – I need (want) it. So as soon as the iPhone X was announced in September, I was anxious to get my hands on it. Like many I stayed up till 12:01am on the first day of pre-order and was lucky enough to reserve one for in-store pickup on launch day. I showed up at my appointment time, walked past the hundreds of people camped out hoping to buy one, checked in and was walking out with the new phone up and running in about 30 minutes.
It’s So Small. Wait, is it Smaller?
Coming from a 7 Plus, the first thing that struck me was the form factor. It’s definitely smaller than a Plus. But just as the plus felt “huge” when I first upgraded, I quickly grew accustomed to the size and have yet to think “this is too small”. Aside from the size, I was (like many others) immediately taken aback by the lack of a home button. How do I even get it?! Which brings us to the real point of discussion here – Face ID.
It Works Like This
I opted to skip Face ID setup in-store, as not to have to go through some strange series of selfies in the middle of an Apple store on launch day. But back at my office, the setup was quick and easy. Just a series of “selfies” turning your head around in weird positions and just like that I was up and running.
Despite the various pre-launch rumors I’d read, Face ID worked great. Since the first time I “scanned in” it’s worked almost flawlessly and (IMO) is much more convenient than Touch ID. Driving in my car at night, I tap the screen of my phone mounted on my dashboard. It lights up – and without any other action my phone is unlocked and ready to go. Truly amazing. This thing really does what they said it would. But after a few days of use, like many others, I began to wonder about the security of all this. Having a 3D scan of my face get out to the world would probably NOT be a good thing. So I did a little investigating and here’s what I learned.
So is Taylor Really that Concerned About the Privacy and Security of FaceID Data? Not Really.
Although there’s been several reports of people successfully “hacking” Face ID over the last few weeks, Taylor says that in his opinion most of these are either flat out false or people over-hyping known issues Apple has already addressed.
He Breaks Down a Couple of the “Stories.”
A “Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they’d cracked Face ID…”
“…The researchers concede, however, that their technique would require a detailed measurement or digital scan of the face of the target iPhone’s owner.” (https://www.wired.com/story/hackers-say-broke-face-id-security/)
So unless you have a 3D scan of someone’s face, sophisticated software and a 3D printer – this isn’t something you can do. The average user shouldn’t really be concerned about this, since the time and effort it would take to re-create would likely outweigh the benefits.
I’ve also heard about children being able to unlock their parents devices and Face ID failing to discern between identical twins. Well Apple has stated from the very beginning that: “The probability that a random person in the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000 (versus 1 in 50,000 for Touch ID) The statistical probability is different for twins and siblings that look like you and among children under the age of 13, because their distinct facial features may not have fully developed. If you’re concerned about this, we recommend using a pass code to authenticate.”
So identical twins and young children might be able to “trick it”, which Apple already told us and people have now proven. I actually know two identical twins and they confirmed Face ID cannot differentiate between them. But even so, unless you have a crazy evil twin, I wouldn’t be too concerned that my sibling or child might be able to get in my phone.
What About Hackers?
Couldn’t they access your Face ID data? Well from what I know, that’s next to impossible. Per Apple: “Face ID data, including mathematical representations of your face, is encrypted and only available to the Secure Enclave. This data never leaves the device. It is not sent to Apple, nor is it included in device backups. Face images captured during normal unlock operations aren’t saved, but are instead immediately discarded once the mathematical representation is calculated for comparison to the enrolled Face ID data.”
No one has been able to get into the “Secure Enclave” to access Touch ID data, hence why the government and authorities can’t even get into the phones of criminals. Could it be done? Probably? Would it be easy and/or worth the time and effort? Probably not…
I Think People are Missing One of the Most Important Features About Face ID
There’s the issue of being forced by someone (think: criminals, law enforcement, government officials) to unlock your phone so they can gain access to all your personal data. This issue has become an increasingly popular topic in the world of privacy rights. In 2014, a Virginia judge ruled that a defendant cannot be forced to hand over an alphanumeric pass code, however they could be compelled to provide their bio metric information to unlock a device. This is huge. In early 2016, Forbes found what it described as the first known case of a warrant being used to compel an iPhone owner to unlock their device with their biometric information. Thus setting a precedent that while you don’t have to give away your passcode, you could be forced to use your fingerprints (Touch ID) and possibly facial data (Face ID) to unlock your phone.
Now I Know You’re Thinking: “I’m Not a Criminal, What Do I Have to Hide?”
Well consider another scenario – a thief stops you on the street and forces you at gunpoint to unlock your phone and transfer money. It would seem a lot easier for said criminal to just hold the phone to your face or finger, rather than threatening you until you relinquished the passcode. Scary right?
Well good news, Apple already thought of this situation. Enter Emergency SOS. A feature that’s been around since Touch ID, but is little known by most people. By pressing and holding either volume button and the side button simultaneously for 2 seconds, you enable “SOS” mode on your phone and FaceID (and Touch ID) is disabled. With the phone now locked, the only way to unlock and re-enable Face ID is to enter your passcode. So if you get robbed or are just paranoid about government agencies wanting access to your personal information – remember the emergency shortcut to quickly lock down your device.
My Likeness is Not Private
I’ve had my thumbprint taken at the DMV, I’m a Global Entry / TSA PreCheck member so they have all 10 of my fingerprints and a scan of my face, I’ve been to venues (think Vegas Casinos) that employ facial recognition software in their surveillance systems, I post photos of myself on social media, and the list goes on… You can see where I’m going here, there’s already a bunch of my information out there and while I’m mindful to limit it, there’s only so much you can do. And frankly, if someone wants to get their hands on my biometric data – I’m more concerned about security vulnerabilities of the antiquated government systems than the encrypted secure enclave inside my phone.
Here’s the Bottom Line
I’d be much more concerned about hackers being able to access the camera on my laptop or phone, than accessing my secure biometric data.
Luckily, we at Safertech found a way to protect against someone accessing your phone camera (MUCH easier to do than you’d think) while still being able to use the convenience and ease of Face ID. Our Creep Blocker® products, originally designed to block the cameras and microphones on laptops / phones / tablets / etc. are fully compatible with iPhone X and will still let you make use of Face ID. By applying one of the smaller Creep Blocker decals right in the middle of the TrueDepth camera (aka the “notch”) – you can cover the “selfie” camera without blocking the Infrared Camera and Dot Projector that power Face ID.
No Need to Visualize, the Video Demo Breaks it Down
The Dot Projector and IR camera are on the far left and right of the “notch”. Though you do need the actual camera for the initial setup of Face ID, once it’s setup it only uses the IR Camera and Dot Projector to scan your face and ensure it’s a match. There’s more technical info on all of this here in the Apple guide link below.
But basically by only covering the middle of the “notch” and leaving the outsides exposed, you can use FaceID and block your “selfie camera” for privacy reasons at the same time.
So am I scared of Face ID? No.
Could there be risks? Of course.
Are these risks enough to scare me out of using a feature that’s extremely convenient in my everyday life? No.
Can I be mindful of my privacy while still using the latest and greatest tech? Most definitely.
Main Points You Need to Know
The good news is, Apple claims that your facial ID data is not given to anyone else. It is stored locally to your device, and that’s where it lives.
Per the Apple Face ID Security guide…
“Face ID data, including mathematical representations of your face, is encrypted and only available to the Secure Enclave. This data never leaves the device. It is not sent to Apple, nor is it included in device backups.”
A big concern at Safertech isn’t always with Apple itself, but with third-party apps. They are known for taking your data, sometimes in not so obvious ways! In that regard, Apple says…
“Third-party apps can use system provided APIs to ask the user to authenticate using Face ID or a passcode, and apps that support Touch ID automatically support Face ID without any changes. When using Face ID, the app is notified only as to whether the authentication was successful; it cannot access Face ID or the data associated with the enrolled face.”
OK, so more good news, we’re safe from third-party apps accessing data about us.
But…The Camera is Still Always On. Sort Of.
Creep Blockers come in all sizes, colors, and fun sayings! We have two versions of Creep Blockers – bold and to the point, or sweet and fun! You can easily remove them and add them back onto your camera and or microphone. While on your phone, they muffle your microphones so hackers can’t listen to you. If they try to access your camera, good luck! They won’t be able to see a thing.
Creep Blockers come in one sheet of stickers for a great price. Stickers come in all sorts of sizes depending on what you’d like covered. We have a whole row of stickers that are PERFECTLY SIZED for the iPhone X! If you’d like to protect your camera with your new phone, this is the perfect product to do so. If you have the iPhone X, you can keep the Dot Projector and Infrared Camera uncovered so the phone can still be turned on via Facial Recognition.
What are your thoughts on the iPhone X? Let us know in the comments below!
Tech Crunch on Biometrics - https://techcrunch.com/2017/09/13/iphone-xs-face-id-raises-security-and-privacy-questions/
Apple FACE ID security guide - https://images.apple.com/business/docs/FaceID_Security_Guide.pdf