 |
| Image from Pixabay |
How do you unlock your mobile, tablet or laptop? With a password, a pin code, your fingerprint or maybe even with your face? There are many possibilities and you could therefore sooner of later the question whether facial recognition is safe had to pop up. A few years ago my answer was: I wouldn't use it on business devices, privately I don't think it would be a problem - at least, if you have a somewhat normal life. But is that statement true? It’s time for some research, so that you don't have to dive into it yourself.
Facial
recognition is a form of biometric identification, which compares unique
features of your body to a stored pattern. Other forms of biometrics include
fingerprint and palm scans, iris scans and voice recognition. These
technologies work differently than the good old fingerprints you know from the
police, where inked fingers are used to make a print on paper that is then
compared to the prints left by the burglar on the window. Instead, the scan is
translated into a biometric profile, which looks at things like the distance
between your eyes, the distance between your nose and mouth, the shape of your
cheekbones and the dimensions of your face. More advanced systems make a 3D
scan and use infrared images, which makes the profile more accurate. It gets
even better when the system is able to determine whether the camera is looking
at a living person. When unlocking, the detected facial features are compared
to the stored profile. So it’s not like photos from then and now are being
compared with each other.
I
read a bunch of articles on this topic this morning, and the answer to the
question whether facial recognition is a safe way to unlock your device seems
to be: it depends on the device. Apple's FaceID uses the more advanced
techniques I described above from the iPhone X onwards and is therefore
considered safe. Android devices are a different story, as the Dutch Consumers'
Association discovered. In 2023, they repeated
their research from four years earlier and had to conclude that little had
changed: they were still able to fool 43% of the tested devices with a photo.
This mainly concerns devices at the low end and in the middle of the price
range, although a few more expensive devices also fell through the cracks.
Almost all Samsung devices performed well.
Hello
is available on Windows PCs . It uses infrared cameras to make a 3D scan of
your face. The system can also check if it is looking at a living person,
making it difficult to fool it with a photo. If your computer does not have the
necessary cameras, facial recognition is not available.
Of
course I put it to the test and let my private phone look at a photo on my
screen. And then I quickly disabled facial recognition on that device… I will
continue to use the fingerprint scanner, because it is more secure than a PIN
code which can be copied. And while you can often fool facial recognition with
a photo, that is much more difficult with a fingerprint. Some Android devices
still have pattern recognition, where you draw a pattern with your finger on a
grid of nine points. This option is almost unanimously discouraged, because
someone looking over your shoulder can easily remember your pattern. Moreover,
traces of grease on the screen also reveal a lot.
During
the research for this blog I noticed something. I searched for “facial
recognition safe” in both English and Dutch. The Dutch articles gave a good
answer to my question, while the English articles mainly focused on the privacy
aspect of facial recognition: for what purposes can this technology be abused?
Privacy plays a role in particular when biometric data is stored in databases.
And again we see that Chinese person crossing the road on a red light and
receiving a fine in the mail a few days later. But criminals are also
interested in technology that allows them to gather information about someone
based on a (secretly taken) photo. And finally, quite a few people fear that
the police can unlock their phone very easily – you can’t turn off your face
(just like fingerprints, by the way). But you can refuse to give up your PIN
code.
There
will be no Security (b)log next week.
And in the big bad world…
- there are other ways to unlock phones. [DUTCH]
- False QR codes are being placed on parking meters. [DUTCH]
- Chinese officials are selling citizens' data on the black market.
- D-Link is urging users of certain VPN routers to replace the device.
- Phishers try to stay under the radar by using vector graphics.
- The phones of American soldiers and spies give away their location.
- we do it all for nothing.
- Criminals also like Black Friday.
- The Dutch Minister of Security and Justice believes that a decryption obligation for chat apps is a dilemma. [DUTCH]
- the same minister gets it that the police need to gain more understanding of the online world. [DUTCH]
- even the name of the Dutch NCSC is being misused in a phishing campaign. [DUTCH]
.jpg)
No comments:
Post a Comment