Everyone is still coming to grips with the implications of iPhone X users having to rely on their face to unlock the device once Apple’s new top-of-the-line model starts shipping in November.
Apple has left questions unanswered about how the feature will work, since that pricey new version of the iPhone will be all screen and, as such, lacking a home button — a button that would otherwise, of course, have been able to be used for Touch ID fingerprint authentication. And in addition to leaving questions unanswered, Apple has also been somewhat coy in its rollout of the feature.
In a piece this week for Forbes — “No, Apple’s Face ID is Not a ‘Secure Password’” — scientist JV Chamary takes the tech giant to task for the way Apple exec Phil Schiller laid things out at Apple’s recent event. “The chance that a random person in the population could look at your iPhone X and unlock it with their face,” Schiller said, “is about one in a million.” As Chamary notes, though, that doesn’t tell the full story when it comes to the new feature and the security of the device.
A random person, okay. But that stat doesn’t appear to speak to any vulnerabilities that a specific person — like a thief, Chamary notes — could exploit via Face ID.
Beyond that, meanwhile, the reaction keeps coming — everything from at least one Senator’s letter to Apple asking for more details about how the feature will work to a video Huawei posted on its Facebook page in recent days that seems to be making fun of the feature.
Meanwhile, the assessment from the security community so far appears to be somewhat mixed — with experts offering praise for some aspects of the new feature but also plenty of cautionary notes.
Troy Hunt, who writes about web security and similar topics, told BGR: “Face ID isn’t necessarily better or worse in terms of security. Rather, it’s different … Face ID gives consumers another choice in terms of which form of biometric authentication they use, and like Touch ID, it offers them a means of protecting their device without the usability friction of a PIN. As for how easily fooled it will be, we’ll have to wait until it’s in the hands of testers to know for sure, but it would be very surprising if there are any easily exploitable risks found.”
For at least one member of the security community — Marc Rogers, the head of information security at…