SafeUM
Home Blog Services Download Help About Recharge
EN
RU

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
EN
Lang
EN
RU
Archive
TOP Security!
30 Mar 2018

Why face unlock is a bad idea

Authenticating with your face seems like a natural choice when it comes to smartphones. Talk about convenient — you were going to look at the phone anyway, right?

The smartphone industry as a whole seems to agree. Apple wasn’t the first company to come up with the idea of unlocking a smartphone with a face, but after Apple introduced it, in the iPhone X, the whole smartphone industry followed — as it always does.

Almost every phone showcased at Mobile World Congress 2018 had this function. It’s a really bad trend, and here’s why. Actually, I don’t think that face recognition is bad per se. Quite the opposite — done right, it’s probably better then authentication based on fingerprints or PIN codes. But the devil is in details. Describing how Face ID works, we mentioned the complexity of the recognition system: It involves a regular camera, an infrared camera, and a dot projector, as well as some machine learning, secure storage, and processing. Apple has put a lot of effort and money into making the system fast, secure, and reliable — and it’s charging a nice premium for that, selling the iPhone X for $999. That price point causes a dilemma for other smartphone makers:

Their devices typically sell for quite a bit less, but they also have to keep up on features and specs. They start by trimming things that won’t be missed right away: a cheaper speaker here, slower storage there. Maybe leave out the infrared camera and the dot projector from the face-unlock module — but keep the function; it’s a selling point, after all.

The ability to use your face to unlock your phone is a feature highlighted in marketing materials, but ad copy doesn’t tend to delve too deep into how it works. Perhaps those companies don’t want to explain too clearly how they made their facial authentication significantly less advanced, less reliable, — and less secure. In most cases, an inexpensive phone’s facial recognition relies on just the front-facing camera and some not-so-advanced algorithms, maybe using a flash to take better photos. But a regular 2-D camera without an IR sensor or dot projector can be easily fooled by photos (for example, snagged from a social media profile) printed on paper or shown on a screen.

Even some of the better ones are likely still susceptible to fakery using 3-D printed masks. Even Apple’s Face ID was fooled by an “evil twin” mask attack, but phones relying on simple photos are simple gatekeepers. Not that bad, but also really bad The widespread use of face unlocking without adequate hardware will result in lower security overall for modern phones. Fortunately, for now it isn’t usually the default authentication method — codes or fingerprints are more common.

And some manufacturers use more secure systems, such as iris recognition, that are harder to fool. However, face authentication is trendy, so I expect more and more users of cheap Android phones to switch to it (Anything your iPhone can do, my phone can do, too — and at a tenth of the price!).

We highly recommend carefully checking the details of your phone’s face recognition method before enabling it. It must be really secure and not fall for photos or masks, or leak your data, or process data insecurely. Fingerprint authentication isn’t magically infallible, but at this point, it’s more secure — and a six-digit PIN is probably your best bet for now.

Tags:
data protection trends
Source:
Kasperky Daily
187
Other NEWS
25 Apr 2018 safeum news imgage Amazon has a top-secret plan to build home robots
24 Apr 2018 safeum news imgage Advanced hackers infect X-Ray machines in healthcare espionage
23 Apr 2018 safeum news imgage 'Trustjacking' could expose iPhones to attack
20 Apr 2018 safeum news imgage Google boots fake Ad blockers from Chrome web store
20 Apr 2018 safeum news imgage Data firm leaks 48 million user profiles it scraped from Facebook, LinkedIn, others
19 Apr 2018 safeum news imgage Critical unpatched RCE flaw disclosed in LG network storage devices
18 Apr 2018 safeum news imgage Apple is planning to launch a news subscription service
18 Apr 2018 safeum news imgage A big Spanish bank’s customers can now use it to transfer money
17 Apr 2018 safeum news imgage How Android phones hide missed security updates from you
16 Apr 2018 safeum news imgage Google is testing self-destructing emails in new Gmail
16 Apr 2018 safeum news imgage In a leaked memo, Apple warns employees to stop leaking information
13 Apr 2018 safeum news imgage WannaCry ransomware sinkhole data now available to organizations
13 Apr 2018 safeum news imgage Apple must pay $502.6 million to VirnetX, federal jury rules
12 Apr 2018 safeum news imgage Vevo’s YouTube account hack hits popular music videos, causes biggest video ever to disappear
11 Apr 2018 safeum news imgage Homeland security to compile database of journalists, bloggers
All news
SafeUM
Confidential Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015