密码(Passcodes)很烂。它们需要很长时间才能输入,很容易忘记它们,而且大多数人可能会选择一些非常容易猜到的东西,这会损害他们的安全性。这就是生物识别解锁方法如此受欢迎的原因。
除了最便宜的智能手机(smartphones)之外,所有智能手机现在都内置了指纹扫描仪。轻轻一按,手机解锁,非常方便。但由于屏幕越来越大,现在更多的设备也开始使用面部识别。Apple也不例外,它提供使用这两种技术来保护它们的设备。正式称为Face ID和Touch ID的技术。
但是面容 ID(Face ID)和指纹扫描是如何工作的呢?
什么是面容 ID 和触控 ID?
这个问题的明显答案是,Face ID是面部解锁系统,而Touch ID是指纹解锁系统。工作(Job)完成。文章结束。对吗(Right)?嗯,它比这更复杂一些,因为尽管许多不同的公司使用面部和指纹来解锁他们的设备,但它们的工作方式并不相同。
这两个生物识别系统是苹果(Apple)针对生物识别问题的专有解决方案。这很重要,因为像苹果(Apple)这样的公司觉得他们的方法和技术比他们的竞争对手更安全。这很重要,因为黑客和其他安全专家过去曾设法欺骗这些系统。
正如您所料,生物识别安全传感器的创造者和想要打败它们的人之间存在着一场竞赛。您必须了解Apple设备上的传感器如何工作以及它们的局限性。
面容 ID 和触控 ID 如何工作?(How Does Face ID & Touch ID Work?)
Touch ID 是 Apple 最成熟的生物识别系统,您会在某些型号的 iPhone、iPad 和MacBook Pro(MacBook Pros)上找到它。它的传感器使用蓝宝石水晶作为按钮材料。这非常坚硬,而且非常耐刮擦,这就是高端智能手机相机也使用蓝宝石镜头盖的原因。
当您将手指放在按钮上时,会从您的指尖拍摄一张非常高分辨率的图像。然后,专有软件算法会检查图像,将您的指纹转换为纯数学。然后将其与设置Touch ID时注册的指纹的存储数学变换进行比较。(Touch ID)如果它们匹配,则设备解锁。
面容 ID(Face ID)的工作方式也非常智能。许多设备使用普通相机进行面部识别。它将记录的照片与您提供的用于解锁设备的照片进行比较。进行面部匹配的软件非常复杂,但是这些相机中的许多都无法区分照片或面具,因此它们可以被骗解锁。
(Face ID)另一方面,Face ID使用专门的TrueDepth摄像头来创建非常详细的面部深度图。一个超过 30 000 点。它将这与您脸部的红外图像相结合,以创建面部轮廓。现代Apple移动设备处理器的神经网络机器学习硬件组件使这种复杂程度成为可能。
那么这些技术的安全性如何,它们是否足以让您信任?
一般生物识别安全漏洞(General Biometric Security Flaws)
首先(First),一些安全漏洞通常适用于生物识别系统。使用生物学的某个方面来解锁某些东西的最大问题是你无法改变它。如果有人设法制作了您的指纹或面部的完美副本,他们就可以解锁任何东西。如果有人知道密码或密码,只需更改它。
这类事情过去曾发生过,生物识别传感器绕过它的方式是变得更加详细并查看您生物学的多个方面。例如,指纹的更精细细节或体温的存在。那些想要打败这些系统的人必须更好地复制你的生物学,这对于普通黑客来说在某些时候是不切实际的。
生物识别系统的最大弱点是一个非常简单的弱点。有人可以简单地拿走您的手指或脸并强迫您解锁设备。这与您可以“忘记”或以其他方式保留的密码或代码不同。我们将在文章末尾处理这种情况。
Face ID 和 Touch ID 的安全性如何?(How Secure Are Face ID & Touch ID?)
这是一个有点棘手的问题,因为这取决于您对“安全”的定义是什么。通常,此类系统的安全性表示为某人随机击败它们的几率。这就是破解数字锁的“蛮力”方法。对于Touch ID,只有 500,000 分之一的机会有人的指纹与您的指纹足够相似,以至于Touch ID会被愚弄。
当然,这与某人对您的指纹印象或通过扫描创建假指纹相比是非常不同的。再说一次,发生这种情况的可能性有多大取决于你是谁,以及是否有人愿意走这条极端的道路。如果您是引起这种关注的VIP,则不应使用生物识别技术,因为在我们看来,它们在该风险级别上不够安全。
(Face ID)根据 Apple 的数据,从蛮力的角度来看,Face ID更安全。一个随机的人看起来像你的百万分之一的机会。同卵双胞胎在这里可能是个例外。那么复制你的脸的照片或面具呢?Face ID对此有应对措施。如上所述,由于相机可以感知深度,因此照片无法正常工作。它还使用神经网络技术来减轻对掩码的使用。
没有数字可以告诉我们这有多有效,但对于普通用户来说,再一次,没有人会花费数千甚至数百万美元来创建技术来击败Face ID。如果您是一个国家的总统,请不要使用生物识别锁。(don’t use biometric locks.)
激活 iOS 生物识别 Killswitch(Activating The iOS Biometric Killswitch)
现在只剩下一个问题了。如果有人可以强迫您解锁手机怎么办?毕竟,他们只需要将它指向您的脸或将您的手指放在上面即可。如果您认为您可能会进入这种情况,您只需点击开/关按钮五次,生物识别功能将被禁用以支持密码。
在 iPhone 8 及更高版本上,您需要按下侧边按钮和任一音量按钮。当您阅读本文时,这些方法可能会有所不同,因此请务必查找特定 iOS 设备的生物识别 killswitch 方法。
简而言之:Face ID 和Touch ID对大多数人来说非常安全,但对于需要军用级安全性(military-grade security)的人来说却不是。但是,如果您非常偏执,请改用六位数的密码。
S2M Explains : How Do Face ID & Fingerprint Scan Work? Are They Secure?
Passcodes suck. They take a long time to type іn, it’s easy to forget them and most peоple рrobably pick something really easy to guess, which hurts their security. This is why biometriс unlock methods are so popular.
All but the most inexpensive smartphones now have fingerprint scanners built-in. One little touch and your phone unlocks, which is pretty convenient. But more devices are also now using facial recognition instead since screens are getting so large. Apple is no different and offers devices that use both of these technologies to secure them. Technologies that are officially known as Face ID and Touch ID.
But how do Face ID and fingerprint scans work?
What Are Face ID & Touch ID?
The obvious answer to this question is that Face ID is a face unlock system and Touch ID is a fingerprint unlock system. Job done. End of article. Right? Well, it’s a little more complicated than that because although lots of different companies use faces and fingerprints to unlock their devices, they don’t all work in the same way.
These two biometric systems are Apple’s proprietary solutions to the biometric problem. This matters because companies like Apple feel that their approach and technology are more secure than their competition. It matters because hackers and other security specialists have managed to fool systems like these in the past.
As you’d expect, there’s a race between the creators of biometric security sensors and those who want to defeat them. You must know how the sensors on your Apple device work and what their limitations are.
How Does Face ID & Touch ID Work?
Touch ID is Apple’s most mature biometric system and you’ll find it on certain models of iPhones, iPads, and MacBook Pros. Its sensors use the sapphire crystal as the button material. This is very hard and incredibly resistant to scratches, which is why high-end smartphone cameras also use sapphire lens covers.
When you place your finger on the button, a very high-resolution image is taken of your fingertip. A proprietary software algorithm then examines the image, transforming your fingerprint into pure math. This is then compared to the stored mathematical transformation of the fingerprint that was registered when Touch ID was set up. If they match, then the device unlocks.
Face ID works in a pretty smart way as well. Many devices use a normal camera for facial recognition. It compares the photo it has on record with the one you are presenting to unlock the device. The software that does the facial matching is quite sophisticated, but many of these cameras can’t tell the difference between a photo or a mask, so they can be fooled into unlocking.
Face ID, on the other hand, makes use of a specialized TrueDepth camera to create a very detailed depth map of your face. One with over 30 000 points. It combines this with an infrared image of your face to create a facial profile. The neural net machine learning hardware components of modern Apple mobile device processors make this level of sophistication possible.
So how secure are these technologies and are they good enough for you to trust?
General Biometric Security Flaws
First of all, some security vulnerabilities apply to biometric systems in general. The biggest problem with using an aspect of your biology to unlock something is that you can’t change it. If someone managed to make a perfect copy of your fingerprint or face, they could unlock anything. If someone figures out a password or passcode, just change it.
This sort of thing has happened in the past and the way that biometric sensors have got around it is by becoming more detailed and looking at multiple aspects of your biology. For example, finer details of your fingerprints or the presence of body heat. Those who want to defeat these systems have to get better at replicating your biology, which is impractical for the average hacker at a certain point.
The biggest weakness of biometric systems is a pretty simple one. Someone can simply take your finger or face and force you to unlock your device. That’s different from a password or code which you can “forget” or otherwise withhold. We’ll deal with this scenario at the end of the article.
How Secure Are Face ID & Touch ID?
This is a bit of a loaded question since that depends on what your definition of ‘secure’ is. Usually, the security of systems like these is expressed as the odds of someone randomly beating them. That’s the “brute force” method of cracking a digital lock. For Touch ID there’s only a 1 in 500,000 chance of someone’s fingerprint being similar enough to yours that Touch ID will be fooled.
Of course, that’s very different compared to someone making an impression of your fingerprint or creating fake ones from a scan. Then again, how likely that is to happen depends on who you are and if someone would be motivated to take this extreme path. If you’re a VIP who draws this sort of attention, you shouldn’t be using biometrics, since they aren’t secure enough at that risk level in our opinion.
Face ID is more secure from a brute force perspective according to Apple’s numbers. With a one-in-a-million chance of a random person looking enough like you. Identical twins are perhaps the exception here. So what about photographs or masks that replicate your face? Face ID has countermeasures for this. As mentioned above, photos won’t work since the camera can sense depth. It uses neural net technology to also mitigate against the use of masks.
There are no numbers to tell us how effective this is, but once again for the average user, no one is going to spend thousands or even millions of dollars creating technology to defeat Face ID. If you’re the president of a country, don’t use biometric locks.
Activating The iOS Biometric Killswitch
Now only one issue remains. What if someone is in a position to force you into unlocking your phone? They just have to point it at your face or put your finger on it, after all. If you think you may be entering this situation, you can simply click the on/off button five times and biometrics will be disabled in favor of a passcode.
On the iPhone 8 and up you need to squeeze the side button and either of the volume buttons. These methods could be different when you read this, so be sure you look up the biometric killswitch method for your specific iOS device.
In short: Face ID and Touch ID are plenty secure for most people, but not for people who need military-grade security. If you are however very paranoid, use a six-digit passcode instead.