Apple’s iPhone X uses ‘black box’ neural networks to prevent Face ID spoofing

“Even Apple will not be able to explain how its forthcoming iPhone X can spot some efforts to fool its facial recognition system,” Leo Kelion reports for BBC News. “The firm has released a guide to the Face ID system, which explains that it relies on two types of neural networks – one of which has been specifically trained to resist spoofing attempts. But a consequence of the design is that it behaves like a ‘black box.’ Its behaviour can be observed but the underlying processes remain opaque.”

“So, while Apple says Face ID should be able to distinguish between a real person’s face and someone else wearing a mask that matches the geometry of their features, it will sometimes be impossible to determine what clues were picked up on,” Kelion reports. Previous attempts a facial recognition from the likes of Samsung “have been plagued by complaints they are relatively easy to fool by with photos, video clips or 3D models shown to the sensor.”

“This has made them unsuitable for payment authentication or other security-sensitive circumstances,” Kelion reports. “In publishing its Face ID documentation more than a month ahead of the iPhone X going on sale, Apple is hoping to head off such concerns – particularly since the handset lacks the Touch ID fingerprint sensor found on its other iOS phones and tablets.”

Read more in the full article here.

MacDailyNews Take: An inscrutable neural network that teaches itself and makes its own decisions?

Oh, relax. What could possibly go wrong?

Apple’s “Face ID Security” document states, in part:

Face ID data, including mathematical representations of your face, is encrypted and only available to the Secure Enclave. This data never leaves the device. It is not sent to Apple, nor is it included in device backups. The following Face ID data is saved, encrypted only for use by the Secure Enclave, during normal operation:

• The infrared images of your face captured during enrollment.
• The mathematical representations of your face calculated during enrollment.
• The mathematical representations of your face calculated during some unlock attempts if Face ID deems them useful to augment future matching.

The neural networks may be updated over time. To avoid a user having to re- enroll to Face ID when these neural network changes are made, iPhone X will be able to automatically run stored enrollment images through the updated neural network. In addition to being encrypted and protected by the Secure Enclave, these enrollment images are cropped to your face, minimizing the amount of background information. Face images captured during normal unlock operations aren’t saved, but are instead immediately discarded once the mathematical representation is calculated for comparison to the enrolled Face ID data.

Apple’s full “Face ID Security” document is here.

The Dark Secret of Artificial Intelligence: No one really knows how the most advanced algorithms do what they do – June 12, 2017


    1. I’m intrigued about whether it will be able to distinguish between identical twins.

      All recognition systems have a tolerance, otherwise a minor change ( a spot or puffy cheeks ) could prevent recognition. It would be interesting to discover how many identical twins are so similar that they are within the tolerance and therefore able to confuse the system.

      It would have been a really cool demo to bring two identical twins on stage and then have iPhones tell them apart.

      I would stage it in the manner of a magic trick. A trusted member of the audience choose whether the first twin goes to iPhone A or B and the two twins would be identified by those two iPhones and then switch places to see if they were identified. Once the IDs had happened, the identically dressed twins would each open an envelope that they were carrying revealing what their name was.

      I have no doubt that TV shows will be doing tests very much like that when iPhone X is released.

        1. This is an issue which concerns me. Although I’m not a twin, there have been many twins in my immediate family ( my mother was a twin, her mother also had another pair of twins and my brother fathered twins, but one of them passed away ).

          If facial recognition can be fooled by twin siblings, then currently the only alternative on those models is a keyboard passcode as there is no fingerprint reader. While it only affects a small proportion of the population, it’s a major drawback for those affected and I think that Apple needs to address that issue.

          As the facial recognition is incredibly fast, it should be possible to resolve movement as well as identify the face itself, so there might be a way to have a movement-based password. The user could mime a word, or make a special movement or gesture in order to unlock their iPhone.

  1. It’ll get hacked, and the news story will say “APPLE FACE READ SECURITY THINGY EASILY DEFEATED” and the actual story will mention how it was so simple, they’re surprised Apple didn’t think of it. ALL you have to do is get some DNA and grow it to an embryo. While you’re doing that, create a pocket universe that replicates the universe you grew up in down to a subatomic level, artificially inseminate your faux-mom, wait until you live through your life, all the cuts, bruises, operations, dental work and THEN pop into the pocket universe, take that faux-you hostage, bring back to our universe and you can unlock that person’s phone!

    They will then claim that this needs to be fixed as possible and Apple will have to add a sensor that picks up string level vibrational differences… to resolve the issue.

    It may not go to these lengths, but I remember out TouchID was EASY to spoof if you had similar “impossible to achieve in the real world” scenarios. (No, no one is going to hand you a glass and get a perfect print from it if that’s not what you’re trying to do) If someone REALLY wants the content of your phone, it would take $50 paid to the right person… some say even less.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.