Security firm claims to thwart iPhone X’s Face ID with a mask

When Apple introduced Face ID security alongside the iPhone X, it boasted that even Hollywood-quality masks couldn’t fool the system. It might not be a question of movie-like authenticity, however — security researchers at Bkav claim to have thwarted Face ID by using a specially-built mask. Rather than strive for absolute realism, the team built its mask with the aim of tricking the depth-mapping technology. The creation uses hand-crafted “skin” made specifically to exploit Face ID, while 3D printing produced the face model. Other parts, such as the eyes, are 2D images. The proof of concept appears to work, as you can see in the clip below. The question is: do iPhone X owners actually have to worry about it?

The researchers maintain that they didn’t have to ‘cheat’ to make this work. The iPhone X was trained from a real person’s face, and it only required roughly $ 150 in supplies (not including the off-the-shelf 3D printer). The demo shows Face ID working in one try, too, although it’s not clear how many false starts Bkav had before producing a mask that worked smoothly. The company says it started working on the mask on November 5th, so the completed project took about 5 days.

When asked for comment, Apple pointed us to its security white paper outlining how Face ID detects faces and authenticates users.

Is this a practical security concern for most people? Not necessarily. Bkav is quick to acknowledge that the effort involved makes it difficult to compromise “normal users.” As with fake fingers, this approach is more of a concern for politicians, celebrities and law enforcement agents whose value is so high that they’re worth days of effort. If someone is so determined to get into your phone that they build a custom mask and have the opportunity to use it, you have much larger security concerns than whether or not Face ID is working.

More than anything, the seeming achievement emphasizes that biometric sign-ins are usually about convenience, not completely foolproof security. They make reasonable security painless enough that you’re more likely to use it instead of leaving your device unprotected. If someone is really, truly determined to get into your phone, there’s a real chance they will — this is more to deter thieves and nosy acquaintances who are likely to give up if they don’t get in after a few attempts.

Source: Bkav

Engadget RSS Feed

Apple says ‘tears of joy’ face is the most-used emoji

In an overview of its differential privacy technology, Apple slipped in some super important data regarding the popularity of its emojis. The document included an image ranking the top 10 emojis among US English speakers and taking the number one spot was the “face with tears of joy” emoji. The red heart and “loudly crying face” rounded out the top three.

The image is just a simple chart without any real numbers attached, so there’s no telling just how popular that emoji is over all the rest. Really it was just a demonstration of how Apple uses its differential privacy tools, many of which it described in the overview. In it, Apple said, “There are situations where Apple can improve the user experience by getting insight from what many of our users are doing, for example: What new words are trending and might make the most relevant suggestions? What websites have problems that could affect battery life? Which emoji are chosen most often?” But the company said getting that information while maintaining privacy is a bit tricky but key. To do that, it uses its differential privacy technology, which Apple describes as “a technique that enables Apple to learn about the user community without learning about individuals in the community. Differential privacy transforms the information shared with Apple before it ever leaves the user’s device such that Apple can never reproduce the true data.”

Apple says it uses these tools to improve the usability of features like QuickType and emoji suggestions, lookup hints and Safari energy draining domains, among others. You can check out the full overview here.

With the release of iOS 11.1, Apple added over 70 new emojis, and I’m betting the cursing face one will make a run for one of those top 10 spots pretty quickly just based solely on how often I plan to use it. However, iPhone X users will no longer be limited to the selection of static emojis as the company announced in September that the new phone will include the ability to animate a selection of emojis based on what you say.

Image: Apple

Via: The Verge

Source: Apple

Engadget RSS Feed

Apple might share iPhone X face data with developers

Despite Apple claiming it securely stores your encrypted face info on the iPhone X, Reuters is reporting that the company permits developers to access “certain facial data” with user permission. This includes a visual representation of your face, and over 50 facial expressions.

Face ID was always going to be the iPhone X’s most talked about feature. With it, the days of fingerprint authentication could be numbered, replaced by face biometrics. But, there’s something about your mugshot being stored with Apple that’s (understandably) got people shook up. Senator Al Franken already pressed the firm on the security concerns the tech raises — prompting a response. Now, it’s the turn of privacy advocates. In the report, the American Civil Liberties Union and the Center for Democracy and Technology warn that the info could fall into the hands of marketers.

We know Apple’s Face ID tech works by using a mixture of camera sensors and neural networks to grab a mathematical model of your face. And, like Touch ID before it, Apple is granting developers access to its Face ID API, enabling them to use the unlock mechanism on all your fave apps — including secure banking and payment apps. But, the latest revelations suggest Apple is allowing devs to make off with more data than it is letting on. The same data reportedly cannot unlock the phone, because that functionality is limited to the overarching mathematical model. Reuters adds that Apple’s developer agreement forbids app makers from sharing the info with marketers. And, that those who break the rules risk getting kicked from the App Store.

But, privacy groups fear the company won’t be able to adequately police how devs use the info, which could lead to it finding its way to marketers. That, in turn, would result in more targeted ads, but these would use the tech to track your facial reactions (like a smile, or a raise of an eyebrow). Naturally, that kind of tracking data would be a goldmine for advertisers. But, it’s also important to note that Apple’s app review policy makes it extremely difficult for bad actors to get away with violations. Yet, with more than 2 million apps in the App Store, privacy experts warn that some may slip through the cracks. We reached out to Apple for comment, but did not immediately receive a response.

Source: Reuters

Engadget RSS Feed

Apple responds to Sen. Al Franken’s Face ID concerns in letter

Apple has responded to Senator Al Franken’s concerns over the privacy implications of its Face ID feature, which is set to debut on the iPhone X next month. In his letter to Tim Cook, Franken asked about customer security, third-party access to data (including requests by law enforcement), and whether the tech could recognize a diverse set of faces.

In its response, Apple indicates that it’s already detailed the tech in a white paper and Knowledge Base article — which provides answers to “all of the questions you raise”. But, it also offers a recap of the feature regardless (a TL:DR, if you will). Apple reiterates that the chance of a random person unlocking your phone is one in a million (in comparison to one in 500,000 for Touch ID). And, it claims that after five unsuccessful scans, a passcode is required to access your iPhone.

More significantly, Apple provides a summary on how it stores Face ID biometrics, which gets to the heart of the privacy concerns. “Face ID data, including mathematical representations of your face, is encrypted and only available to the Secure Enclave. This data never leaves the device. It is not sent to Apple, nor is it included in device backups. Face images captured during normal unlock operations aren’t saved, but are instead immediately discarded once the mathematical representation is calculated for comparison to the enrolled Face ID data.”

On the topic of data-sharing, it writes: “Third-party apps can use system provided APIs to ask the user to authenticate using Face ID or a passcode, and apps that support Touch ID automatically support Face ID without any changes.” It continues: “When using Face ID, the app is notified only as to whether the authentication was successful; it cannot access Face ID or the data associated with the enrolled face.”

Interestingly, the company dodges the Senator’s question about data requests from law enforcement. But, by indicating that data lives inside a “secure enclave” that it can’t access, it’s suggesting that it won’t be able to handover info that it doesn’t possess. It could also be holding back in light of its scrap with the Department of Justice last year, which saw it refuse to unlock an iPhone 5C owned by the San Bernardino shooters.

As Sen. Franken noted in his letter, Apple trained its Face ID neural network on a billion images. But, that’s not to say the photographs were of a billion different faces. For its part, Apple claims it looked at a “representative group of people” — although it’s still silent about exact numbers. It adds: “We worked with participants from around the world to include a representative group of people accounting for gender, age, ethnicity and other factors. We augmented the studies as needed to provide a high degree of accuracy for a diverse range of users.” Of course, we’ll get to see how accurate Apple’s tech is when the new iPhone makes its way into more hands next month.

For now, it seems the Senator is satisfied with the company’s initial response, which he plans to extend into a conversation about data protection. You can read his full statement below:

“As the top Democrat on the Privacy Subcommittee, I strongly believe that all Americans have a fundamental right to privacy. All the time, we learn about and actually experience new technologies and innovations that, just a few years back, were difficult to even imagine. While these developments are often great for families, businesses, and our economy, they also raise important questions about how we protect what I believe are among the most pressing issues facing consumers: privacy and security. I appreciate Apple’s willingness to engage with my office on these issues, and I’m glad to see the steps that the company has taken to address consumer privacy and security concerns. I plan to follow up with the Apple to find out more about how it plans to protect the data of customers who decide to use the latest generation of iPhone’s facial recognition technology.”

Engadget RSS Feed

iPad Pro could be Apple’s next device to use Face ID

It’s safe to assume that the face recognition system in the iPhone X will eventually reach other devices, but which ones are next in line? KGI’s Ming-Chi Kuo might have an idea. The historically accurate analyst expects the next generation of the iPad Pro to adopt the TrueDepth camera and, by extension, Face ID. This would unify the experience across Apple’s mobile devices, the analyst says, and would spur developers knowing that they could use face recognition across multiple Apple devices, not just one handset. The new iPads would ship sometime in Apple’s fiscal 2018, which ends in September of next year.

There’s another question to be answered: if this happens, will the Touch ID fingerprint reader go away? It’s not so clear. Apple clearly took advantage of eliminating the home button to expand the iPhone X’s screen size, but that’s not as necessary on devices that already have large displays. Also, Apple has typically kept larger bezels on the iPad due to its size — you need at least some space for your thumbs on a device that you can’t easily hold in one hand. We’d add that it could complicate multitasking, since Apple already uses an upward swipe on the iPad’s bottom edge to bring up the app dock. How would you handle that while also using a swipe to go to the home screen?

Whatever happens, it would make sense for the iPad Pro to get face recognition. Apple has made a habit of bringing relatively new features to its higher-end iPads (such as upgraded displays and the Smart Connector), and TrueDepth might be one more reason to spring for a Pro instead of sticking to the base model. And if Apple is going to continue pushing augmented reality, it’ll want tablets that particularly well-suited to the task regardless of the camera you’re using.

Source: 9to5Mac

Engadget RSS Feed

Face ID parts could cause iPhone X shortages

It’s safe to say that people are eagerly anticipating the iPhone X; it represents a step forward in design and tech for Apple. But now, The Wall Street Journal reports that difficulties in manufacturing components crucial to Face ID could lead to significant shortages of the iPhone X.

The components are called Romeo and Juliet, and as their names suggest, they work together in Apple’s face recognition system. Romeo is the home of the projector that uses a laser beam to create a 3D map of the user’s face, while Juliet’s infrared camera reads that map. According to The Wall Street Journal‘s sources, assembly of the Romeo component, and the challenge of incorporating its various components, was taking longer than its Juliet counterpart. This means there are more Juliets than Romeos.

While one source assured The Wall Street Journal that things were back on track, this is a troubling development for the iPhone X. Initially, rumors swirled around possible shortages surrounding the phones OLED display. Coupled with the Face ID component issues, this could mean shortages beyond those we traditionally expect surrounding a new iPhone launch. The iPhone X starts at $ 999 and will be able for preorder starting October 27th.

Via: Bloomberg

Source: The Wall Street Journal

Engadget RSS Feed

Firmware shows the next iPhone will use infrared face unlock

Ever since our close look at an alleged render of the next iPhone back in May, there have been rumors of 3D face scanning plus a large screen-to-body ratio flying about. Today, we finally bring you some solid evidence about these features, courtesy of — surprise, surprise — Apple itself. After digging up new details about the Apple HomePod in its leaked firmware, iOS developer Steve Troughton-Smith came across some code that confirm the use of infrared face unlock in BiometricKit for the next iPhone. More interestingly, in the same firmware, fellow developer Guilherme Rambo found an icon that suggests a near-bezel-less design — one that matches rumored schematics going as far back as late May. For those in doubt, Troughton-Smith assured us that this icon is “specific to D22, the iPhone that has Pearl (Face ID).”

These discoveries are by far the best hints at what to expect from the “iPhone 8,” which is expected to launch later this year. Additionally, we also learnt from our exclusive render that the phone may feature a glass back along with wireless charging this time. That said, there’s still no confirmation on the fate of Touch ID: while the HomePod firmware code seems to suggest that it’s sticking around, there’s no indication as to whether it’s ditching the usual Home button execution in favor of an under-display fingerprint scanner (as shown off by Qualcomm and Vivo at MWC Shanghai). Given how poorly Apple has been guarding the secrets of its next smartphone this time round, chances are we’ll hear more very soon.

Source: Steve Troughton-Smith, Guilherme Rambo

Engadget RSS Feed

The next iPhone reportedly scans your face instead of your finger

Rumormongers have long claimed that Apple might include face recogition in the next iPhone, but it’s apparently much more than a nice-to-have feature… to the point where it might overshadow the Touch ID fingerprint reader. Bloomberg sources understand that the new smartphone will include a depth sensor that can scan your face with uncanny levels of accuracy and speed. It reportedly unlocks your device inside of “a few hundred milliseconds,” even if it’s laying on flat of a table. Unlike the iris scanner in the Galaxy S8, you wouldn’t need to hold the phone close to your face. The 3D is said to improve security, too, by collecting more biometric data than Touch ID and reducing the chances that the scanner would be fooled by a photo.

Does that sound good to you? You’re not alone. The leakers claim that Apple ultimately wants you to use face recognition instead of Touch ID. It’s not clear whether this will replace Touch ID, though. While the tipsters say that Apple has run into “challenges” putting a fingerprint reader under the screen, they don’t rule it out entirely. There are conflicting reports: historically reliable analyst Ming-Chi Kuo is skeptical that under-screen Touch ID will make the cut, while a representative at chip maker TSMC supposedly claimed that it’s present. Your face may be the preferred biometric sign-in approach rather than the only one.

The Bloomberg scoop largely recaps existing rumors, including an all-screen design (with just a tiny cut-out at the top for a camera, sensors and speaker), a speedier 10-nanometer processor and a dedicated chip for AI-related tasks. However, it adds one more treat: if accurate, the new iPhone will get an OLED version of the fast-refreshing ProMotion display technology you see in the current-generation iPad Pro. So long as the leaks are accurate, it’s becoming increasingly clear that the next iPhone represents a massive hardware upgrade, even if the software is relatively conservative.

Source: Bloomberg

Engadget RSS Feed

Apple reportedly buys an AI-based face recognition startup

Those rumors of Apple exploring facial recognition for sign-ins might just have some merit. Calcalist reports that Apple has acquired RealFace, an Israeli startup that developed deep learning-based face authentication technology. The terms of the deal aren’t public, but it’s estimated at “several million dollars.” Cupertino would mainly be interested in the promise of the technology than pure resources, in other words.

We’ve reached out to Apple for comment on the reported deal and will let you know if it has something to add. However, RealFace recently took its website down and left nothing but a skeleton server behind.

Apple is no stranger to buying companies with some form of facial recognition tech. However, a focus on authentication would be both new and logical. If Apple wants to reduce its dependence on fingerprint readers for password-free iPhone logins, it needs a face detection system that will quickly and consistently sign you in across most situations, not just ideal conditions. RealFace’s AI tech is supposed to be highly accurate, so it might not be as finnicky or easily duped as some implementations.

Via: Times of Israel

Source: Calcalist (translated)

Engadget RSS Feed

Michael Kors Access smartwatches’ value is face deep

Not gonna lie. I’m a giant smartwatch nerd, and an even bigger Michael Kors fan. So when I received the invitation to review the company’s new Android Wear timepieces, I was stoked. The Michael Kors Access range falls in line with partner company Fossil Group’s mission to smarten up its range of wristwatches across its brands such as Fossil (duh), Kate Spade, Emporio Armani, Diesel and Skagen. And that should only mean good things for the fashionable wearable industry. But, try as I might, I’m having a hard time staying excited about the new MK smartwatches.

Hardware

The Bradshaw and Dylan models that I received already exist as analog timepieces. In reworking them to accommodate the components that make a watch smart, Michael Kors had to make the cases bigger. The Bradshaw’s face went from 36mm to 44.5mm, while the Dylan is now 46mm (previous size unknown). Both watches are also less water resistant — dropping from being able to withstand pressure of up to 100 meters (330 feet) to just 10 meters (33 feet). Now, the timepieces can survive just rain and splashes instead of swimming and surfing.

Because of the additional components, the connected Bradshaw and Dylan are pretty heavy. The case alone (for both) weighs 51 grams (1.17 ounces). Even though that heft made me feel like I had an ankle bracelet latched onto my wrist, I still loved the style and quality of both wristbands. The straps are some of the most sturdy and premium that I’ve seen on a smartwatch so far, making them feel a lot more like real chronographs. And, perhaps thanks to careful craftsmanship, the fully stainless-steel Bradshaw and silicone Dylan succeed in looking classy and glamorous without crossing over into gaudy, as some wristwear is wont to do.

Inside the polished metal cases sit a Snapdragon 2100 CPU, 4GB of storage, a 360mAh battery and a variety of sensors, while a 1.5-inch face with a 320 x 290 resolution sits on top. Notably absent is a heart rate monitor on the underside that most Android wearables at this price sport.

Software

Until Android Wear 2.0 arrives, there is nothing really new to say about Google’s wearable platform, which powers many of the devices we’ve reviewed. Although it’s improved a lot in the two years since its debut, the OS is still somewhat limited in what it can do. The 2.0 update, which Michael Kors says the watches will get once Google release it publicly, brings improvements such as an onscreen keyboard, third-party complications and better iPhone support.

On the Bradshaw and Dylan, Android Wear is basically the same as it is on every other smartwatch, with the exception of the Michael Kors Access app and custom watch faces. The former lets you do two things: save your favorite watch faces and set up two looks (day and night) that will automatically change at a specific time of your choosing. Frankly, even though the auto changing of faces is nice, the whole app is incredibly basic, and I could just as easily do the same by pressing down on the home screen.

The handful of custom watch faces are slightly more interesting (and not to mention very pretty). You can tweak the Michael Kors ones by changing the background, dial and crystal colors. On some themes, you can add information to make the watch more useful at a glance. For instance, the Notes profile lets you display up to four time zone differences (as in, how many hours ahead or behind), your local time and temperature, as well as your steps progress.

In use

Here’s where the Access line really falls short. On paper, everything seems decent. It’s got most of the same specs as other Android Wear devices, save for the slightly smaller battery. But, that resulted in a much shorter runtime than its rivals; the Dylan went from 80 percent charged at 2:30 PM to just 35 percent by 8 PM after a few hours of heavy use. The Bradshaw lasted about the same. On average use without many notifications and interaction with the Dylan, though, it lasted slightly more than a day.

Worse than the disappointing battery life is the glitchy performance. Despite sporting capable processors, the Bradshaw and Dylan struggled to respond quickly to my commands. While the watch’s microphones accurately picked up my requests most of the time, it occasionally misheard what I was saying, even in a dead quiet room. Then, when it correctly spelled out my request to remind me of an upcoming task, the Dylan never alerted me at the appointed time. It’s as if I sent my reminder request into a black hole.

The Bradshaw was similarly finicky; I tried to enable brightness boost from the slide down shortcut panel, and was constantly redirected to the Settings page while the feature remained stubbornly off. Both watches were also sluggish to respond to my swipes, compared to the instant reactions I’m used to on competing Android watches. I had to swipe three or four times on average to dismiss a card.

I reported these issues to Michael Kors, who, after verifying that I had the latest software and build, sent me two other units to test out. The replacements worked better, were more responsive and didn’t exhibit the abovementioned brightness boost problem. It’s worth noting that they arrived with a software upgrade already installed, whereas I had to run that update on the devices I initially got. I still had trouble getting Ok Google to reliably set a reminder, though; sometimes the new Dylan buzzed at the appointed time, but more often it never alerted me.

But there are some problems that aren’t as easily fixed. The watches’ screens wash out when you’re not looking at them straight on. And as much as I loved the chunky style of the timepieces, Michael Kors needs to make them lighter. After an hour, my (admittedly very weak) arm began to ache, and the Dylan felt like it was literally dragging me down. I had to very unwillingly take the watch off to continue typing in peace.

The competition

Pictured above: Samsung’s Gear S3 Frontier and Classic.

Man, has Michael Kors got some serious competition. From its own partner company alone, the Access line has to contend with Fossil’s Q Founder. That wearable is similarly chunky, but has a sharper screen for a cheaper $ 275. On the other end of price spectrum sits the Tag Heuer Connected, which is stupendously well-built and still manages to be lightweight. But it also costs a ridiculous $ 1,500.

Then, there are offerings from more traditional tech companies, like the second-gen Huawei Watch, 2015 Moto 360 and LG Watch Urbane. These have crisp displays and modest style for about the same price as the Access, but also offer onboard heart rate monitors and more software features that make their wearables more functional. For example, the Moto 360 offers Live Dials, which let you access specific apps directly from the watch face without all the excessive swiping.

Look outside the Google ecosystem, and you’ll find even more contenders. If you own an iPhone, the Apple Watch is a no-brainer. It’s the most seamless option for iPhones, with better messaging integration and a ton of apps you can launch from your wrist. Its squarish face may be a little, well, square, so those who want a little more style should look elsewhere.

That somewhere else might be Apple’s biggest rival, Samsung, which just unveiled the Gear S3. The new wristwear features a rugged, country aesthetic that wouldn’t look out of place whether on a lumberjack or an investment banker. They’ve got rotating bezels that makes navigating the interface much easier, and run Samsung’s Tizen OS, which should offer about 10,000 apps and watchfaces than the mere 1,000 it did when the Gear S2 launched. That could give Android Wear a run for its money.

Speaking of wearable platforms that could topple Google, industry pioneer Pebble also has some solid options that are both attractive and functional. The Pebble Time Round is one of the slimmest smartwatches on the market and offers longer-lasting battery than Android Wear, Apple and Samsung devices for just $ 200. But it doesn’t have a touchscreen, and its display is nowhere near as vibrant as the rest.

Wrapup

In the end, the Michael Kors Access line is just another option in the Android Wear market. Michael Kors might sell plenty of Access watches based on the strength of its brand alone, but it doesn’t do much that’s different from its competitors. Don’t get me wrong: these watches are truly gorgeous, and, bugs aside, generally do what they promise. But there’s nothing here that sets it apart from being yet another smartwatch that married Android Wear with a fashion house’s good looks.

The thing is, it’s difficult to fault Michael Kors for the functionality of the Access line — it’s limited by what Google offers in Android Wear. That means it ultimately suffers the same plight as all the fashion and horological brands out there that are struggling to deliver a decent, good-looking smartwatch. At least Michael Kors had the good sense to not charge an arm and a leg for its pieces (*cough* Tag Heuer *cough*). Besides, having another designer get in on the growing market is an encouraging sign, and I can’t wait to see what (one of my favorites) Kate Spade delivers. In the meantime, I’ll keep saving up for a smartwatch worth splurging on.

Engadget RSS Feed