Reason why smartphone should not be unlocked with iPhone X's face authentication function "Face ID"

It was held from 2 o'clock on September 13, 2017 in Japan timeApple Special EventIn the new iPhone released in "iPhone X"Replaces the fingerprint authentication function" Touch ID "with the face authentication function"Face ID"Is adopted. It's a Face ID that can only be used with such a new iPhone X but it should not be used, says the online programming learning communityfreeCodeCampPointed out.

Why you should not unlock your phone with your face - freeCodeCamp
https://medium.freecodecamp.org/why-you-should-never-unlock-your-phone-with-your-face-79c07772a28

"Historically biometrics are not safe," says FreeCodeCamp. The reason is extremely simple, the camera can deceive, sound can be recorded, fingerprints can be stealed. As Apple asserts that the probability that another person accidentally breaks through the authentication accidentally is 1 / 50,000 / 1 in the case of Touch ID, Face ID is one millionth of one ", and Face ID has Touch It may be superior to ID. However, in many countries including the United States, it is possible "to forcibly force the police to unlock smartphones by using fingerprints on specific persons legally", even if this changes to face authentication You can urge you to unlock it. Therefore, freeCodeCamp wrote that it is not recommended to use biometrics if you consider data security, such as email, SNS accounts, family photos, information on places you have taken smartphones, and so on.

A movie released in 2007Bourne Ultimatum"There is a scene where Jason Born playing Matt Damon completes perfectly through 2-step verification by biometrics, but freeCodeCamp insists that biometrics are incomplete like this scene That's it.

The Bourne Ultimatum (6/9) Movie CLIP - Stealing the Blackbriar Files (2007) HD - YouTube


Then, can Apple's face ID "Face ID" be able to break through the certification by making a face photo or elaborate face model?

According to the presentation, the face ID of the iPhone X is supported by the sensors around the in-camera at the top of the display. There are infrared cameras, floodlights, proximity sensors, ambient light sensors, speakers, microphones, front cameras, and dot projectors from the left, and the dot projector has dots that can not be seen in more than 30,000 points By irradiating the user's face and reading it with an infrared camera, we measure the shape of the face precisely, including the depth. Since you use an infrared camera, Face ID can also be used in the dark.


By analyzing this with a neural network, it is possible to recognize that it is the same face even if you put on hat or glasses, beard or hairstyle changes, or face changes due to aging about. Also, since the accuracy of recognition is more than Touch ID and it contains depth information, it can not deceive the security of Face ID with two-dimensional information such as a photograph, and the "elaborate mask created by asking Hollywood" or " It seems that Face ID can not be fooled even in "twins similar in face".


You can see the fact that unlocking iPhone X with Face ID is actually shown in the following article.

A movie summarizing how the real machine of "iPhone X" feels - GIGAZINE


Still, freeCodeCamp points out that "It is also a matter of time before technologies that can break Apple's face ID appear."

Indeed, Samsung's Galaxy S8's security lock on the iris authentication feature has been broken in just a few months since its appearance, and FaceCode of facial authentication can be easily broken down, freeCodeCamp Pointed out.

Samsung 'Galaxy S8' breaking through iris authentication is extremely easy - GIGAZINE


I will consider further the ultimate biometric authentication using DNA which is one of the most complex information of human beings. DNA is a long data sequence and has about 3 billion base pairs per human genome. However, the whole human genome can be stored with a capacity of 1 GB or less, which is a fairly compact size compared to data such as movies and other GB. In other words, even if a biometric authentication function using DNA appears, freeCodeCamp insists that it will not be impossible to break through this.

The cost of genome sequencing is becoming cheap year by year, and in terms of cost, it seems that the realization of biometric authentication using DNA is approaching.


Furthermore, there is a problem in biometric authentication that "it is quite difficult to change these when voice, fingerprint, face, DNA sequence, etc. leaked out". Therefore, freeCodeCamp asserts that it is best to use passcodes of numbers that can be easily changed without relying on biometric authentication.

For example, in the case of the iPhone, the number of times you can challenge to unlock the passcode is 10 consecutive times, and if there are 4 digit passcodes, 10,000 combinations will exist. Compared to Face ID, it may seem that 4 digit passcode is not safe, but if the iPhone is stolen, you can get the correct 4 digits from the list of 10,000 numbers without any hints It is obvious that finding out is a very difficult business.

However, the following 20 of the four-digit numeric passcodes are frequently used, so they should be avoided because they can be easily predicted. The numbers in parenthesis indicate frequency of use. In addition, in the case of a numeric passcode, there is also an advantage that the American court can not force the entry of a passcode.

01st place:1234 (10.713%)
02th place:1111 (6.016 %%)
03th place:0000 (1.881 %%)
04th place:1212 (1.197 %%)
05th place:7777 (0.745 %%)
06th place:1004 (0.616 %%)
07th place:2000 (0.613 %%)
0th place:4444 (0.526 %%)
09th place:2222 (0.516 %%)
10th place:6969 (0.512 %%)
11th place:9999 (0.451 %%)
12th place:3333 (0.419 %%)
13th place:5555 (0.395 %%)
14th place:6666 (0.391 %%)
15th place:1122 (0.366 %%)
16th place:1313 (0.304 %%)
17th place:8888 (0.303 %%)
18th place:4321 (0.293 %%)
19th place:2001 (0.290 %%)
20th place:1010 (0.285%)

It takes about 2 seconds to enter the 4 digit passcode and it is clear how hard it is to enter the passcode each time for iPhone users who unlock the smartphone about 80 times per day. In fact, 89% of iPhone users are using the Touch ID of the fingerprint authentication function, because the reason is that it saves time and effort. However, there are risks in terms of security behind its convenience, and some smartphones protected by biometric authentication include bank account password and credit card information Because of that, freeCodeCamp says, "It is recommended to keep using numeric passcodes".