More and more smartphones now come equipped with facial recognition security, offering up a new way for us all to secure and unlock our smartphones. While not as widespread and not necessarily more secure than a fingerprint scanner, new biometric ideas like facial recognition seem to be the way forward. So let’s explore what options are out there, how they work, and what they mean for security.
Samsung Face Recognition and Iris Scanning
Samsung was the first to pack advanced facial recognition technologies into a top-tier flagship with iris scanning technology inside the ill fated Galaxy Note 7. The technology stuck around inside the Galaxy S8 and new Note 8, which forms part of Samsung’s security suite alongside a broader face recognition system and fingerprint options.
Samsung’s iris scanning technology works by identifying the patterns in your irises. Just like fingerprints, these are unique to each person, making them very difficult to replicate. To do this, Samsung’s latest flagships are equipped with an infrared diode that illuminates your eyes regardless of the surrounding lighting conditions. This light wavelength can’t be detected by a regular front facing cameras, so a special infrared narrow focus camera then captures the detailed iris information. This image is then stored and processed locally on device, nothing is send via the internet.
Samsung's iris scanning technology works by identifying the patterns in your irises using a infrared scanner. Just like fingerprints, these are unique to each person.
This doesn’t mean the concept is completely foolproof though — highly detailed mock eyes have fooled Samsung’s security system. Although most criminals aren’t walking around with those kind of fraudulent capabilities, so it’s secure for the vast majority of users. The only real drawback is that you have to position the phone and your eyes quite precisely for the iris scanner to read correctly, which might be a bit more fiddly than placing your finger on a scanner.
Samsung’s broader face recognition option isn’t as sophisticated, as it relies on data captured from the regular camera to map out details of your face. It turns out it can be fooled pretty simply by just using a picture. Samsung clearly states that this is less secure than pattern, PIN, or password, so you’re much better off using the more sophisticated iris scanning option.
Apple Face ID
Apple unveiled its new Face ID technology as part of its iPhone X launch. Unlike Samsung’s technology, Face ID is designed to map out a user’s entire face in a highly secure manner. It doesn’t just rely on the phone’s familiar front facing camera, there are actually lots of sensors crammed onto that strip at the top.
The iPhone X comes equipped with an array of sensors designed to capture details of your face. For starters, it uses an infrared flood light to illuminate your face, which will work regardless of your surrounding lighting conditions as it’s outside of the visible spectrum. A secondary 30,000-point infrared laser matrix is then beamed out, which reflects off the flood light. Rather than snapping a picture of this infrared light, a special infrared camera detects subtle changes in the matrix point reflections as your face makes minute movements, which allows the camera to capture very accurate 3D depth data.
Face ID also uses infrared for scanning, but builds a 3D depth map of your entire face using a 30,000 point dot matrix. This also allows Apple to build some interesting/odd bits of software like Animoji.
Just like Samsung, this data is saved and processed entirely on chip in a secure partition to keep it safe and secure. This method of facial recognition is substantially more secure than analyzing data from a regular front facing camera, because it captures precise depth information. The only way to fool it would be to make a very accurate prosthetic, or have an identical twin who wants to snoop around in your phone. It’s tough to say whether this is more secure than Samsung’s iris scanner, but it does let Apple do some interesting things with software face mapping too.
ZTE Eyeprint ID and Hawkeye
Although it never made it to market, ZTE’s Project CSX (or Hawkeye) was an intriguing prospect, as it boasted some interesting biometric security and software technologies. The iris scanning technology was likely based on the company’s earlier Eyeprint ID, developed by EyeVerify, which featured in the company’s older Grand S3, Blade S6, and original Axon smartphone.
ZTE's crowdfunded phone was working on some interesting software, but selfie camera based recognition systems aren't as secure as new infrared technology.
Unlike Samsung’s infrared technology, Eyeprint ID used the phone’s high resolution front camera to scan the user’s eye, identifying blood vessel patterns that are unique to each individual. So the smart processing is done in software on a high quality picture. While that’s a great way save costs, it’s more prone to being fooled than modern infrared implementations.
On top of the security angle, the ZTE Hawkeye’s technology would also have allowed users to control Android using eye motions. Compatible pieces of Android software could have been made to scroll up, down, left, and right using nothing more than the movement of your eyes. It will be interesting to see if Samsung incorporates a similar idea into its iris scanning technology or if Apple can muster up something similar with Face ID.
Android’s default facial recognition
While specific OEMs may be talking up their own next-gen security technologies, did you know that Android has been able to unlock your phone with your face since the Ice Cream Sandwich days? Not every OEM chooses to implement it, but many smartphones can and have been making use of this feature for a while now.
Unfortunately, this dated technology is only based on using your front facing camera, alongside Google’s own facial recognition software. Again all data processing is kept on chip and never sent to the cloud, so it’s at least secure in that sense.
While it might be a convenient way to unlock your phone and it doesn’t incur the costs of extra hardware, it’s accuracy is entirely dependent on the quality of your phone’s front camera. Furthermore, the image processing time can be quite slow on older phones, meaning that this isn’t necessarily the fastest way to unlock your phone either.
The lack of any sophisticated hardware leaves this more prone to exploitation, even with simply photographs of your face. Neither Google nor Samsung advertise this is a particularly secure way to protect your phone, and we wouldn’t recommend it over a PIN.
The most secure is …
Well that’s tough to say, as no one has been able to get their hands on the iPhone X to try and fool it yet. What we can say is that if you’re looking for the most secure biometric security option then you’re going to want dedicated hardware that’s tough to fool. Just as fingerprint scanners have evolved over the years, the latest iris and facial recognition technologies from Apple and Samsung are using more sophisticated techniques than early Android implementations.
Based around infrared scanning, both Samsung’s Iris Scanning and Apple’s Face ID are much hardware to trick than older photography based solutions, but aren’t inherently better than a trusty old password. Even so, as companies look to tie these convenient security services into banking and other secure applications, you can be almost certain that other smartphone manufacturers will end up implementing similar and perhaps even better technologies in the near future too.