Cameras have advanced far beyond their initial capabilities of simply photo-taking and video recording. Now that biometric technology has become inextricably paired with camera technologies, most people have a camera in their pocket capable of identifying humans in order to perform activities such as unlocking smartphones or making payments.

In short, facial recognition is a security system typically used to identify or verify a person from a digital image or a set of facial features stored in a database. The technology is also becoming increasingly popular with retailers where facial recognition is deployed as a way to make payments.

oasis illustrations

Take the latest iPhone X for instance, which features a much-publicised Face ID capability. This feature enables users to unlock the device just by identifying the user's face as a form of biometric authentication.

Similar to the fingerprint-based Touch ID found in previous Apple devices, the use of Face ID also allows users to access Apple Pay, the App Store, iTunes and some third-party apps.

At the time of the iPhone X launch Apple claimed there is a 1 in 1,000,000 chance that someone would be able to open your phone using Face ID (compared to 1 in 50,000 chance of having the same fingerprint as you), but how secure is it really?

Security concerns

Hackers will already be looking to replicate people's faces in order to trick facial recognition systems, but the technology has proved harder to hack than fingerprint or voice recognition technology in the past. 

Wired magazine spent thousands of dollars on expensive masks and enlisted experienced biometric hackers in an attempt to trick Face ID following the release of the iPhone X, but still failed to beat the system.

Richard Parris, CEO of cybersecurity specialists Intercede, told Techworld: "Biometrics, facial recognition being one example of this, is fast becoming the de facto security measure for a wide range of business and consumer applications. But the question on many people's lips is 'is it really that secure?'

"Only this year, German hackers were able to trick a Samsung Galaxy S8 iris scanner with a picture of the device owner's eye and a contact lens. This was in the same month that HSBC's voice recognition security system was fooled by a journalist."

In short, Parris recommends combining biometrics with another form of security. "The dangers of biometric authentication such as facial recognition is that it is not entirely immune to potential attack and therefore should not be relied on as the sole means of verifying a user," he said.

This shows that despite the authentication technology providing unique benefits, the concerns are also significant, including the security of sensitive biometric data being held by the companies themselves.

For instance, looking at the issue of data privacy, the data that is stored about your face can potentially be accessed by third parties if the used device or system is hacked. This could lead to personal information being shared.

"The downfall of most companies that have fallen victim to attack recently was vulnerabilities at the user authentication level," said Parris. "Hackers can easily gain access to systems and networks with insecure passwords and information such as your date of birth or full name.

"The premise is the same for biometrics - your personal genetic data can be 'stolen'. Rather than use biometrics in isolation, instead businesses need to be looking at strong knowledge (something you know, such as a password) and inherence (something you are, like an iris scan)."

Two-factor security such as the above will enable businesses to securely verify that the system or technology is accessed by the right person, minimising the risk of possible attacks.

Lastly, it is essential that effective security is embedded from the development stage to avoid any of the potential risks that come with the use of facial recognition.

"The onus is on the business to provide the appropriate security to protect the customer, and the consumer needs to be aware of the data they are sharing and how they can better protect themselves from the prying eyes of cyber criminals," Parris added.