Samsung's attempt to catch up with iPhone X's Face ID security may be hampered by poor fac...
The Intelligent Scan security feature of the Samsung Galaxy S9 may not be as secure as it seems, as a report suggests the facial recognition technology it uses is a weaker component of the biometric-based system compared to Apple's Face ID used in the competing iPhone X.
Introduced in the Galaxy S9, Intelligent Scan is meant to use multiple biometric systems to unlock the smartphone quickly and securely. The device's facial recognition is initially used to authenticate the user, followed by the use of an iris scanner if it fails to unlock, with the results of both combined for a third check if both techniques fail.
According to CNET, while this can allow for the phone to unlock in sub-optimal conditions, this may seem to be a less secure system than Samsung portrays, due to its initial use of facial recognition on its own.
Samsung appears to have reused the facial recognition system used in the Galaxy S8 in the S9, which uses the front camera to create a map of the user's 2D face. In the case of the Galaxy S8, security researchers were able to fool the facial recognition system using a printed photograph of the registered device user.
In the case of Apple's Face ID, it uses the TrueDepth camera array to create a 3D facial map for comparison against the version stored in the Secure Enclave. The use of a dot projector creating 30,000 reference points on the user's face makes it impossible to beat with a simple photograph, and Apple also worked to harden the system against more advanced techniques, such as creating lifelike masks.
For Samsung's system, it is reported that improvements to RGB and infrared camera technologies will help make the Galaxy S9 recognize faces more successfully in harsher conditions. Samsung also claims its deep learning algorithms used for biometric security have been upgraded to detect spoofing attempts, like images.
While this implementation of Intelligent Scan may be less secure than possibly intended, Samsung apparently plans to make it more secure when it is integrated with other services. For using apps like Samsung Pass, its system for authenticating with websites using biometrics instead of a password, it will require authentication with either the iris or a combination of both the iris and the face, not facial recognition on its own.
For more important features like Samsung Pay, facial recognition will not play a part at all. Instead, users will have to enter a pin, scan their iris, or scan their fingerprint using the rear-mounted reader.
The continued use of 2D-based facial recognition technology despite the emergence of Apple's 3D-based Face ID hasn't gone unnoticed by analysts and security experts. Global Data analyst Avi Greengart called facial recognition 'an area where Samsung is clearly behind Apple," highlighting Apple's time and monetary investment into Face ID.
The speed of the system by using multiple sources does get some praise from Lookout security researcher Andrew Blaich, noting Samsung wants "to provide some level of security but also make it easy and effective for you to get into the phone." Even so, Blaich suggests "This is probably trying to play catchup with how smooth the user experience is for the iPhone."
Introduced in the Galaxy S9, Intelligent Scan is meant to use multiple biometric systems to unlock the smartphone quickly and securely. The device's facial recognition is initially used to authenticate the user, followed by the use of an iris scanner if it fails to unlock, with the results of both combined for a third check if both techniques fail.
According to CNET, while this can allow for the phone to unlock in sub-optimal conditions, this may seem to be a less secure system than Samsung portrays, due to its initial use of facial recognition on its own.
Samsung appears to have reused the facial recognition system used in the Galaxy S8 in the S9, which uses the front camera to create a map of the user's 2D face. In the case of the Galaxy S8, security researchers were able to fool the facial recognition system using a printed photograph of the registered device user.
In the case of Apple's Face ID, it uses the TrueDepth camera array to create a 3D facial map for comparison against the version stored in the Secure Enclave. The use of a dot projector creating 30,000 reference points on the user's face makes it impossible to beat with a simple photograph, and Apple also worked to harden the system against more advanced techniques, such as creating lifelike masks.
For Samsung's system, it is reported that improvements to RGB and infrared camera technologies will help make the Galaxy S9 recognize faces more successfully in harsher conditions. Samsung also claims its deep learning algorithms used for biometric security have been upgraded to detect spoofing attempts, like images.
While this implementation of Intelligent Scan may be less secure than possibly intended, Samsung apparently plans to make it more secure when it is integrated with other services. For using apps like Samsung Pass, its system for authenticating with websites using biometrics instead of a password, it will require authentication with either the iris or a combination of both the iris and the face, not facial recognition on its own.
For more important features like Samsung Pay, facial recognition will not play a part at all. Instead, users will have to enter a pin, scan their iris, or scan their fingerprint using the rear-mounted reader.
The continued use of 2D-based facial recognition technology despite the emergence of Apple's 3D-based Face ID hasn't gone unnoticed by analysts and security experts. Global Data analyst Avi Greengart called facial recognition 'an area where Samsung is clearly behind Apple," highlighting Apple's time and monetary investment into Face ID.
The speed of the system by using multiple sources does get some praise from Lookout security researcher Andrew Blaich, noting Samsung wants "to provide some level of security but also make it easy and effective for you to get into the phone." Even so, Blaich suggests "This is probably trying to play catchup with how smooth the user experience is for the iPhone."
Comments
Summarize in a few words: “Samsung face scan sucks!”
For 1 fucking phone that needs 3 biometrices combined, Samsung just admitted to the world that “We were caught off guard by Apple Face ID and our current implementation sucked”.
IF THAT is the problem for your company, you can't really claim that your company is the industry leader.
You know where you can stick your phone...
Exactly, that's how it works.
you can only copy if you understand how it works. The issue is the training of the device. Apple spend years teaching the AI how to recognize a face properly, the problem is you can not condense the time it takes to train the system to work. Apple said they process millions of face through the system so it can learn. Samsung and the other have to do the same thing and they do not have the time let along the resource to do this.
The difference is the NPU and the ability of the phone to improve recognition on device over time. Until recently, only Huawei and Apple had that option ooen to them in large numbers.
The hardware (imaging) side is relatively simple. The software (recognition/learning) side is where you will see it work or not.
That said, a lot of hardware solutions already include some level of 'AI' capability and it is foreseeable that at some point a complete off the shelf solution will become available for handset makers.
I've been very happy with TID on my 5s, though possibly due to a rapidly failing battery, it's markedly inconsistent in recognizing my (anatomical) digits. If I had a choice for any given iPhone, I'd probably be very happy sticking with TID.
Well to be fair Face ID can be fooled by a mask. I tried it and some people were amazed and impressed yet others surprised and shocked as I pulled out the life size plaster head of my neighbour from my tote bag at the cash register to authenticate.