FaceID

@ WWDC

Apple’s facial recognition aka FaceID has spurred a number of discussions about the privacy trade-offs in the iPhone X.

Experts Weigh Pros, Cons of FaceID Authentication in iPhone X | Dark Reading – One concern about FaceID is in its current implementation, only one face can be used per device, says Pepijn Bruienne, senior R&D engineer at Duo Security. TouchID lets users register up to five fingerprints. If a third party obtains a user’s fingerprint and reproduces it, and the user is aware, they could register a different unique fingerprint.

Can Cops Force You to Unlock Your Phone With Your Face? | The Atlantic – Even if Face ID is advanced enough to keep pranksters out, many wondered Tuesday if it would actually make it easier for police to get in. Could officers force someone they’ve arrested to look into their phone to unlock it?

How Secure Is The iPhone X’s FaceID? Here’s What We Know | Wired – Marc Rogers, a security researcher at Cloudflare who was one of the first to demonstrate spoofing a fake fingerprint to defeat TouchID. Rogers says he has no doubt that he—or at least someone—will crack FaceID. In an interview ahead of Apple’s FaceID announcement, Rogers suggested that 3-D printing a target victim’s head and showing it to their phone might be all it takes. “The moment someone can reproduce your face in a way that can be played back to the computer, you’ve got a problem,” Rogers says. “I’d love to start by 3-D-printing my own head and seeing if I can use that to unlock it.”

Now let’s talk about the Apple Watch, which I consider to present more serious issues.
 
The Apple Watch 3 is interesting from a legislative point of view. The software SIM in the Apple Watch clones the number of your iPhone. The security services of the major powers generally don’t broadcast their capabilities. Politicians are generally untroubled by knowledge of what is possible. Giving politicians an inkling is likely to result in broad sweeping authoritarian power.

Imagine what will happen when Amber Rudd goes into parliament looking for real-time access to everyone’s phones. She now can point to the Apple Watch 3 as evidence that LTE and 3G connections can be cloned. What kind of legislation will her special advisers start cooking up then?

Secondly, it will only be a matter of time before criminals either work out how to do it themselves, or co-opt mobile carrier staff. Two-factor authentication that depends on SMS is already compromised. Number cloning allows it to be compromised undetectably.

The Apple Watch 3 may have royally screwed us all.