"Perhaps, the only attack that may break iPhone X's Face ID will be a mask made of human skin, which 'may' fool the TrueDepth IR-dots and its scoring level," Azril mused.
White hat hacker turned financial security consultant, Fong Choong Fook (pic below) added his own positive welcome. "Apple's facial ID technology has brought an interesting chapter to the application of Biometrics technology. Typically facial ID recognition technologies are based on key surface features of facial characteristics; but Apple took it further by using infrared to implement a much more comprehensive measurement mechanism, and yet all these measurements can be done by using just a small and portable consumer device."
"Theoretically, it is not easy to fool the iPhone facial recognition system with still pictures or even a replica face mask," said Fong, adding that general facial recognition systems will deliver additional benefits. "Unlike fingerprint recognition, we don't have to register the subject directly. We can register a subject by just using a photo of the subject, or by just extracting camera footage with the subject's face. Of course, such approach also brings up another issue - personal privacy."
"In China, many public transportation stations are already equipped with advanced facial recognition systems," he said. "The systems have had helped law enforcement to identify and capture many wanted suspects and criminals over the years."
"It's also a matter for debate whether such passive recognition and scanning constitute violations of personal privacy vis a vis public safety requirements," Fong said. "Personally, I have not objections if the government is using biometric technologies to scan and identify civilians. Then again, it's just a fine, thin line between ethical and unethical usage. If the technology is misused, the consequences can be really devastating."
"Our banks already have a copy of our fingerprints and picture, but would you be comfortable if you know that your bank is now requesting a copy of your voice sample, retina pattern or DNA sample?" he continued
In Malaysia, we do not have specific laws to cover the protection of biometric related sensitive information, not even with the PDPA (Personal Data Protection Act)," said Fong. "Regulators need to start exploring the feasibility of strengthening our privacy policies and classifying the protection requirements for various types of biometric data for Malaysians." (See -Malaysian businesses must prepare for complaints as PDPA finally in force, says global law firm)
Fong continued with a discussion of general facial technology systems. "When it comes to detection, facial recognition can be applied without the involvement of the subject, such as detection via video footage or live CCTV streaming,"
Sign up for Computerworld eNewsletters.