Automatic Face Recognition & Another Bite of Apple

Despite being a self-confessed technophile, I admit I’m sceptical about facial recognition. I share the opinion of quite a few people, including DCI Mick Neville at London’s Metropolitan Police Service, that you cannot beat the Mark 1 eyeball for identifying and matching faces.

Following the London riots in 2011, police officers identified 4000 suspects from CCTV evidence, while computerised facial recognition managed to identify just one.

However, the quest continues to create a CSI-like computer system that can sift through thousands of mugshots in less than a second and give you the name and address of the suspect.

In Leicestershire, the police are having good luck with a trial of a system called NeoFace, with officers saying that early results show a “high success rate of identification”. That’s based on a test of 200 suspect images from which they achieved a 45% identification rate.

In January, Frost & Sullivan recognised NeoFace, produced by NEC, with its 2014 Award for Customer Value Leadership based on NEC’s success in introducing facial recognition into mainstream commercial applications.

But there are dozens of products out there, all claiming various levels of success in different real-world applications, and with police forces around the world under pressure to deal with an ever-growing pile of video evidence, the rewards for those companies that crack the market are sure to be enormous.

If someone shows me evidence of a system that actually works in real-world conditions, I will happily reconsider my scepticism about this futuristic technology.

Following up from yesterday’s blog, Apple are now attempting to swerve any blame for the hacking of its iCloud service. In a statement the company said: “None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone.”

Apple recommends that its users always use a strong password and enable two-step verification.

As an iPhone user, I have never been asked to activate it or been told about iCloud’s two-step verification. The default option was to enable iCloud but since then I have never had cause to use it nor been updated on any of its features.

However, the big problem with Apple’s two-step verification – which rather negates the value of its reassuring press statement – is that it’s only used to protect access to the user’s account details and for verifying purchases. The most likely attack used by the hackers was to gain access to the victims’ iCloud backup and that is not protected by two-step verification.

Worryingly for the victims, photos were not the only data they lost. The hackers also gained access to emails, telephone contacts and text messages, along with any other information including sensitive documents like contracts and negotiations, that might have been stored in the cloud.

Find my iPhone and similar services could also be accessed, giving hackers the ability to pinpoint the location of a celebrity at any time of day or night – a clear breach of the principles of close protection.

Given the risks and the apparent standards of security being implemented by the likes of Apple, it’s always best to assume that you’ve been hacked.

Whether you are on iPhone, Android or another platform, steps that you can consider taking to protect yourself include:

  1. Find out what data from your phone is automatically backed up (it’s surprising how many people don’t know)
  2. Enable two-step verification
  3. Change your password to one that’s long and difficult to guess
  4. Turn off automatic backup on everything except essential data, or consider turning it off altogether and backing up your phone to your laptop or PC manually once a week
  5. Consider turning off the find my phone feature, especially if you are a vulnerable person.

Meanwhile, despite its statement, Apple needs to clean up its security:

  1. The password recovery system is too user-friendly. While they help users regain access to their accounts more easily, they also provide numerous hints to hackers trying to deduce email addresses and security questions.
  2. The company should make a greater effort to inform users of the amount of data that’s being backed up and disable the default enabling of the iCloud back-up service.

You can learn more about the holes in the Apple security systems by reading the blog of Nik Cubrilovic. It’s quite detailed and some readers took issue with some of his claims but I don’t necessarily agree with them and I don’t think their comments detract from what he is saying.

Leave a Comment

You must be logged in to post a comment.