Samsung's attempt to catch up with iPhone X's Face ID security may be hampered by poor fac...

Posted:
in iPhone edited August 2020
The Intelligent Scan security feature of the Samsung Galaxy S9 may not be as secure as it seems, as a report suggests the facial recognition technology it uses is a weaker component of the biometric-based system compared to Apple's Face ID used in the competing iPhone X.




Introduced in the Galaxy S9, Intelligent Scan is meant to use multiple biometric systems to unlock the smartphone quickly and securely. The device's facial recognition is initially used to authenticate the user, followed by the use of an iris scanner if it fails to unlock, with the results of both combined for a third check if both techniques fail.

According to CNET, while this can allow for the phone to unlock in sub-optimal conditions, this may seem to be a less secure system than Samsung portrays, due to its initial use of facial recognition on its own.

Samsung appears to have reused the facial recognition system used in the Galaxy S8 in the S9, which uses the front camera to create a map of the user's 2D face. In the case of the Galaxy S8, security researchers were able to fool the facial recognition system using a printed photograph of the registered device user.

In the case of Apple's Face ID, it uses the TrueDepth camera array to create a 3D facial map for comparison against the version stored in the Secure Enclave. The use of a dot projector creating 30,000 reference points on the user's face makes it impossible to beat with a simple photograph, and Apple also worked to harden the system against more advanced techniques, such as creating lifelike masks.

For Samsung's system, it is reported that improvements to RGB and infrared camera technologies will help make the Galaxy S9 recognize faces more successfully in harsher conditions. Samsung also claims its deep learning algorithms used for biometric security have been upgraded to detect spoofing attempts, like images.

While this implementation of Intelligent Scan may be less secure than possibly intended, Samsung apparently plans to make it more secure when it is integrated with other services. For using apps like Samsung Pass, its system for authenticating with websites using biometrics instead of a password, it will require authentication with either the iris or a combination of both the iris and the face, not facial recognition on its own.

For more important features like Samsung Pay, facial recognition will not play a part at all. Instead, users will have to enter a pin, scan their iris, or scan their fingerprint using the rear-mounted reader.

The continued use of 2D-based facial recognition technology despite the emergence of Apple's 3D-based Face ID hasn't gone unnoticed by analysts and security experts. Global Data analyst Avi Greengart called facial recognition 'an area where Samsung is clearly behind Apple," highlighting Apple's time and monetary investment into Face ID.

The speed of the system by using multiple sources does get some praise from Lookout security researcher Andrew Blaich, noting Samsung wants "to provide some level of security but also make it easy and effective for you to get into the phone." Even so, Blaich suggests "This is probably trying to play catchup with how smooth the user experience is for the iPhone."

Comments

  • Reply 1 of 16
    I like how on Star Trek Discovery they used “breath ID” which was pretty damn easy to fool. You’d think computers would be way smarter 236 years in the future.
    viclauyycwatto_cobra
  • Reply 2 of 16
    StrangeDaysStrangeDays Posts: 12,834member
    So it can still be fooled by a photo?
    watto_cobra
  • Reply 3 of 16
    Unicorns_ReignUnicorns_Reign Posts: 6unconfirmed, member
    Can it be fooled by your "AR Emoji" avatar?
    anton zuykovracerhomie3airnerdwlymjony0watto_cobra
  • Reply 4 of 16
    fallenjtfallenjt Posts: 4,053member
    it will require authentication with either the iris or a combination of both the iris and the face, not facial recognition on its own”.

    Summarize in a few words: “Samsung face scan sucks!”

    For 1 fucking phone that needs 3 biometrices combined, Samsung just admitted to the world that “We were caught off guard by Apple Face ID and our current implementation sucked”.
    anton zuykovSnickersMagooracerhomie3king editor the grateairnerdjony0watto_cobra
  • Reply 5 of 16
    anton zuykovanton zuykov Posts: 1,056member
    Samsung's attempt to catch up may be hampered by its inability to catch up.
    IF THAT is the problem for your company, you can't really claim that your company is the industry leader.
    JaiOh81airnerdwlymjony0watto_cobra
  • Reply 6 of 16
    dick applebaumdick applebaum Posts: 12,527member
    fallenjt said:
    “it will require authentication with either the iris or a combination of both the iris and the face, not facial recognition on its own”.

    Summarize in a few words: “Samsung face scan sucks!”

    For 1 fucking phone that needs 3 biometrices combined, Samsung just admitted to the world that “We were caught off guard by Apple Face ID and our current implementation sucked”.
    Yeah... but to rectify that, Sammy is working on a new tech called SphIncterID... 
    edited March 2018 SnickersMagooking editor the grateJaiOh81airnerdanton zuykovcharlesgresjony0watto_cobra
  • Reply 7 of 16
    anomeanome Posts: 1,533member
    fallenjt said:
    “it will require authentication with either the iris or a combination of both the iris and the face, not facial recognition on its own”.

    Summarize in a few words: “Samsung face scan sucks!”

    For 1 fucking phone that needs 3 biometrices combined, Samsung just admitted to the world that “We were caught off guard by Apple Face ID and our current implementation sucked”.
    Yeah... but to rectify that, Sammy is working on a new tech called SphIncterID... 

    You know where you can stick your phone...

    Exactly, that's how it works.

    jony0watto_cobra
  • Reply 8 of 16
    airnerdairnerd Posts: 693member
    So they are faster because they aren't as secure...and that's a GOOD thing?  
    jony0watto_cobraanton zuykov
  • Reply 9 of 16
    maestro64maestro64 Posts: 5,043member
    Samsung's attempt to catch up may be hampered by its inability to catch up.
    IF THAT is the problem for your company, you can't really claim that your company is the industry leader.

    you can only copy if you understand how it works. The issue is the training of the device. Apple spend years teaching the AI how to recognize a face properly, the problem is you can not condense the time it takes to train the system to work. Apple said they process millions of face through the system so it can learn. Samsung and the other have to do the same thing and they do not have the time let along the resource to do this.
    watto_cobra
  • Reply 10 of 16
    avon b7avon b7 Posts: 7,621member
    maestro64 said:
    Samsung's attempt to catch up may be hampered by its inability to catch up.
    IF THAT is the problem for your company, you can't really claim that your company is the industry leader.

    you can only copy if you understand how it works. The issue is the training of the device. Apple spend years teaching the AI how to recognize a face properly, the problem is you can not condense the time it takes to train the system to work. Apple said they process millions of face through the system so it can learn. Samsung and the other have to do the same thing and they do not have the time let along the resource to do this.
    For me this is the key. Lots of companies have had half decent facial recognition tech and many were working with the same imaging hardware as Apple and in parallel to them.

    The difference is the NPU and the ability of the phone to improve recognition on device over time. Until recently, only Huawei and Apple had that option ooen to them in large numbers. 

    The hardware (imaging) side is relatively simple. The software (recognition/learning) side is where you will see it work or not.

    That said, a lot of hardware solutions already include some level of 'AI' capability and it is foreseeable that at some point a complete off the shelf solution will become available for handset makers.
  • Reply 11 of 16
    anton zuykovanton zuykov Posts: 1,056member
    maestro64 said:
    Samsung's attempt to catch up may be hampered by its inability to catch up.
    IF THAT is the problem for your company, you can't really claim that your company is the industry leader.

    you can only copy if you understand how it works. The issue is the training of the device. Apple spend years teaching the AI how to recognize a face properly, the problem is you can not condense the time it takes to train the system to work. Apple said they process millions of face through the system so it can learn. Samsung and the other have to do the same thing and they do not have the time let along the resource to do this.
    But that requires something to exist for you to be able to copy it, which means someone has already thought of it and implemented it.
    watto_cobra
  • Reply 12 of 16
    macguimacgui Posts: 2,350member
    It does make a difference, I guess, as to who has better facial identification. But in the end for either Apple or Samsung, FID is about convenience. For security there's the passcode.

    I've been very happy with TID on my 5s, though possibly due to a rapidly failing battery, it's markedly inconsistent in recognizing my (anatomical) digits. If I had a choice for any given iPhone, I'd probably be very happy sticking with TID.
  • Reply 13 of 16
    wlymwlym Posts: 102member
    fallenjt said:
    “it will require authentication with either the iris or a combination of both the iris and the face, not facial recognition on its own”.

    Summarize in a few words: “Samsung face scan sucks!”

    For 1 fucking phone that needs 3 biometrices combined, Samsung just admitted to the world that “We were caught off guard by Apple Face ID and our current implementation sucked”.
    Yeah... but to rectify that, Sammy is working on a new tech called SphIncterID... 
    They'll house it in the Crotch Notch™
    Rayz2016watto_cobraanton zuykov
  • Reply 14 of 16
    jony0jony0 Posts: 378member

    Well to be fair Face ID can be fooled by a mask. I tried it and some people were amazed and impressed yet others surprised and shocked as I pulled out the life size plaster head of my neighbour from my tote bag at the cash register to authenticate.

    edited March 2018
  • Reply 15 of 16
    MplsPMplsP Posts: 3,911member
    Speaking of fooling Face ID, what ever happened to Bkav's claim to have tricked FaceID? They made their claim, showed a video that didn't clearly show what they claimed and now have been heard no more.
  • Reply 16 of 16
    roakeroake Posts: 809member
    jony0 said:

    Well to be fair Face ID can be fooled by a mask. I tried it and some people were amazed and impressed yet others surprised and shocked as I pulled out the life size plaster head of my neighbour from my tote bag at the cash register to authenticate.

    That’s right, but you’re safe here.  The FBI doesn’t read this thread.  We all know that head wasn’t plaster.
Sign In or Register to comment.