This paper demonstrates how face liveness detection could be easily defeated by virtual models built from your public photos.

If you consider the Instagram/Snapchat phenomenon, where users post selfies and front-facing videos on a daily basis, plus the rapid improvement of optical sensors (even on the cheapest smartphones), wouldn't it be risky for Apple to make Face ID a primary authentication method?

Anders
Acacio
  • Is your main concern whether it can effectively tell the difference between a 2D and 3D face, i.e. you can just show it a photo or image to bypass the authentication? – TrickyDupes Sep 12 '17 at 12:52
  • My concern is that a 3D face could be easily replicated using the technique described in the paper, e.g. you could build a 3D model using a series of photos/videos from the target's Instagram profile – Acacio Sep 12 '17 at 13:12
  • Ye I think this is another example of convenience over security. Fingerprint ID is much worse than a 6 digit PIN in terms of actual device security (much easier to subvert this form of auth if you are sleeping or otherwise incapacitated). Facial ID is also a bit of a gimmick and users like gimmicks. I would not use facial recognition as the primary auth method. – TrickyDupes Sep 12 '17 at 13:16
  • But your fingerprint isn't spread online in every social network. People do not usually post hi-res pictures of their thumbs lol. Why do people think facial recognition is a stronger biometric than fingerprints? – Acacio Sep 12 '17 at 13:24
  • My point was fingerprint and facial recognition IS weaker than a decent passphrase or PIN. Muggles just love gimmicks though. – TrickyDupes Sep 12 '17 at 13:28
  • I got it. It's just that as Apple is embracing facial recognition, it is very likely to become mainstream. I think from now on, manufacturers will tend to ditch fingerprints in favor of facial recognition and this can make things even worse. Anyway, people would be better with a 6 digit pin as you said. – Acacio Sep 12 '17 at 13:36
  • It is worth noting that this doesn't appear to counteract any 3d facial recognition, just detection that relies on seeing a 2d image moving. 3D detection (where actual 3d information is available) doesn't appear that it would be impacted by this approach. I don't know what Apple Face ID uses though. – AJ Henderson Sep 12 '17 at 14:08
  • I'm not sure if it is supposed to be a primary authentication method. Just a convenience to quickly unlock the phone, something we do hundreds of times each day. The PIN should still be requested for sensitive operations, such as changing the security settings, banking transactions, unlocking the phone after a restart, etc. A fast and convenient method to unlock the phone could allow stronger security for more crucial tasks. – pgianna Sep 12 '17 at 14:44
  • It all depends on your threat model - if I want surreptitious access to your phone when you're not present, is it easier/more convenient for me to (a) shoulder surf your PIN, (b) obtain your fingerprint and construct a live-enough model to fool the reader, or (c) construct a 3D model of your head? If I'm just going to threaten you and steal your phone, odds are I won't have any trouble getting you to unlock it first. – ddyer Sep 13 '17 at 21:02

1 Answer

All security mechanisms feature a trade-off between usability and security, and I don't think that Face ID will be any different in this regard.

One of Apple's original motivations in introducing Touch ID was to get iOS users who had no PIN code set at all to use some form of security mechanism on their device. This would obviously only work if the mechanism had good usability, which Touch ID does.

As to the specific threat you mention about creation of models, from technical information revealed by Apple so far, they appear to be using 3D mapping techniques combined with motion detection to identify the user (there has been mention that it won't work when your eyes are closed, for example).

So to copy that, a full 3D model of the user would be needed, and that model would need to emulate the user's liveness to some degree.

So that's obviously a theoretical possibility, but the question is what level of effort would be needed for an attacker to pull this off, and whether that's a reasonable security/usability trade-off for most iPhone users.

I'd suggest that if we're at "create an accurate 3D animatronic head to crack", that's not an unreasonable level of security for most users, if it has good usability (to quote @avid's rule of security: "Security at the expense of usability comes at the expense of security.")

If, however, when it's released it turns out there's some simpler way of faking it out, that might be more of a concern.

Having seen Windows Hello in action, I'll be more interested to see what the False Rejection Rate is like with this. Hello is great in fairly static settings, but not so good outdoors with things like hats and sunglasses coming into play.

Rory McCune
  • "trade-off between usability and security" is a non-answer. The question is asking what is needed and how do you go about cracking RealFace created by Israel's military security team? **That's the question.** – Pacerier Nov 06 '17 at 20:15