Back to Square One: Why The iPhone X Security Hack is Devastating to E-Payments
Apple has been busy for the last few months. They launched three new iPhones (an incredible achievement), including the iPhone X, which most experts are saying is changing the smartphone game. A $1000 phone better be special, and based on the gushing consumer reviews, this one seems to be living up to the hype. And one of the key functions that is making the X so popular is its 3D camera, which is allowing three-dimensional mobile facial recognition for the very first time.
Alas, not everything is perfect in Apple-land: it took hackers less than a week to crack the new 3D facial recognition security system (FaceID) using a mask, just like they cracked the fingerprint scanner with a gummy bear and the 2D camera with a photograph. And a 10-year boy on Staten Island was able to easily unlock his mother’s iPhone X just because he looked like her! This is not the best news for Apple Pay, the company’s overhyped but underused e-wallet whose entire existence is based on hack-proof devices. Using this system on a hackable phone is like leaving your wallet inside your unlocked car and expecting everything to be fine.
This isn’t a theoretical problem. A recent report from The Korea Herald says that several banks in the country are not ready to fully trust Face ID, including online-only providers Kakao Bank and K-Bank as well as commercial banks like Kookmin Bank, Shinhan, IBK, Busan, and NH.
“It was difficult for us to adopt the biometric technology (of iPhone X) abruptly since it normally takes some time to undergo several security procedures before adopting a new technology. Plus, the phone’s facial authentication technology was not fully proven,” a Kookmin Bank official said.
Plenty of articles about Apple Pay’s vulnerability have been written in the last few years, but the iPhone X was supposed to close the security gap. It didn’t. And while the hack isn’t directly related to Apple Pay, it’s another gut shot for a chronically underperforming Apple product.
Of course, no security measure is completely hack-proof, and probably never will be (the Trojans managed to get through a locked, guarded gate!), which is why it’s critical to fuse multiple measures into a single solution. The iPhone X 3D camera is a great tool, but it’s not enough on its own. That’s why mobile manufacturers need to do is think beyond just the picture-as-a-password paradigm and get serious about providing real security rather than just a better front end for verification.
Make no mistake: FaceID is a quantum leap in security. But it’s not perfect, and it’s not enough on its own. And Apple’s competitors have a rare opportunity to actually surpass the iPhone and deliver mobile payment systems that consumers will actually trust. They just need to get on board with building true multifactor security that is difficult to crack while also being easy for device owners to use.