Science & Technology

Is Facial Recognition on Your Phone a Good Choice?

Facial recognition is on the rise with cell phones, adding another method of security for everyday devices. Using biometric analysis, the technology uses facial mapping to unlock the device, comparing it to known faces within the database (that you establish upon setup). The market is expected to exceed $7.7 billion by 2022, with many personal and commercial applications. While facial recognition can help confirm an individual’s identity, it does raise privacy concerns too.

How Facial Recognition Works

Although individual technologies will vary, the basic concepts are the same. Initially, a baseline image is taken of the user’s face. The software will identify the basic geometry of the face, including the distance between your eyes, spacing between forehead to chin, and any distinguishing facial landmarks. Your face is saved within the system as a mathematical formula. When you enable facial recognition, the phone analyzes your facial features against the formula on file. If it matches, the phone unlocks. Some devices will record anyone attempting to unlock the phone, storing it on the cloud (for Apple devices) or the system settings (Android).

Benefits of Facial Recognition

Arguably the most significant benefit of facial recognition is the ease of use. Users don’t have to remember passwords or pins; they simply have to scan their faces to access the device. For users who simply want a layer of protection on the device, facial recognition offers complex protection patterns against unauthorized access. Complex codes and passwords are difficult to remember, while weak passwords or codes can make hacking attempts easier for malicious use.

Security Issues with Facial Recognition Software

Unfortunately, with changes in technology comes vulnerabilities with software. Previous studies by the University of Toronto highlight significant shortcomings of facial recognition software. One example includes the inability to recognize faces with only slight modifications to pixels at the corner of the eye. It also found that 42 out of 110 devices were unlocked with only photographs of the device owner. Additional reports of opening while the owner was asleep have also been documented. These findings suggest phone security measures can be bypassed, even when the owner isn’t conscious or aware of the unlocking.

Issues of Intent with Unlocking

When it comes to phone usage, a level of intent needs to be assumed. For instance, users unlocking the phone with a password or pin are making deliberate intentions to open. That is, they want access to the device at that specific time. With facial recognition, the phone unlocks any time the user has the phone in front of them. It also suggests that phones can be unlocked forcefully, providing access by turning the device on the owner.

For example, if a controlling partner wants access to the cell phone, owners cannot prevent access when the partner shoves the phone in their face. It also suggests that unauthorized access could occur with photographs, videos, or while sleeping. Bypassing the software appears to work through phone display. For example, two phones facing each other can trigger the unlocking functionality; this includes photos posted on social media or videos taken on another device.

Issues with intent also extend into recognition capacity. Many users have experienced issues among siblings that closely resemble each other. Identical twins, for example, can unlock each other’s phones, accessing sensitive information effortlessly.

Issues with Compromised Accounts

Your cellphone holds sensitive, personal information. Consider everything you do from your phone; social media, emails, text messages, contacts, photos, videos, and financial accounts. With unauthorized access to your phone, the damage could be irreparable. Most financial accounts are attached to cellphones, giving thieves instant access to your credit and debit cards. Your email likely holds bill statements, contact information, addresses, and account numbers.

If your phone has been compromised, it’s essential to run a background check on yourself. Background checks offer a current assessment of your financial accounts, employment details, bills and utilities, and personal details. You’ll also want to contact your credit card companies, banking institutions, and any significant utilities to let them know of the compromise.

How to Verify Your Information

Identity theft occurs quickly, with many people acting on the opportunity. This can include opening new accounts in your name (and never intending to pay for them), draining financial accounts, establishing new utilities or cell phone accounts, or taking hold of your personal information for malicious use. Look for any new charges on file, especially if you haven’t opened anything recently. Contact your cell phone provider, too; they can lock the device remotely and block the cell phone from future use. Additionally, most providers will deactivate the SIM card attached to the phone.

Is Facial Recognition Worth Doing?

Users currently have five different options when it comes to cell phone security. Leaving the phone unlocked fails to protect the device from unauthorized access. It will provide easy access to the home screen but will not protect against theft. A pattern lock offers a simple pattern for unlocking, typically using nine or 12 buttons. The phone is locked unless the sequence is completed. This is one of the weaker options for cell phone protection but is more secure than the unlocked phone. A PIN lock option requires users to enter a four (or more) digit numerical code into the lock screen to unlock the device. Although a PIN does offer moderate protection against malice, it can be hacked.

More secure than the PIN function is facial recognition. With the unique biomarkers, the security of the device is higher than a traditional numerical PIN. Unfortunately, the previous vulnerabilities need to be assessed before use (unintentional unlocking, using photos or videos to open the home screen, and potential access while sleeping with some devices). The password functionality is the most secure locking function on the cellphone. It can contain alphanumeric codes with a minimum of four characters. Passwords may be challenging to remember, which may prove problematic for a device not regularly used.

It’s important to remember that two-step verification (using multiple password protections in sequence) on cellphones isn’t available. Users will have to establish the unlock method that works best for them.

David Balaban

David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs Privacy-PC.com and MacSecurity.net projects that present expert opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.

Source link

Leave a Reply

Your email address will not be published.