
Another Video Shows That Face ID Isn't Totally Infallible

Security
November 14, 2017

Another day, another supposed Face ID spoofing video. This time, a 10-year-old New York boy was apparently able to unlock his mother’s iPhone X. But once again, this shouldn’t exactly be a concern to most users.

As you can see in the video, Attaullah Malik and Sana Sherwani showed that their son – Ammar Malik – was able to unlock an iPhone with just his face.

In talking to the family, Wired noted an interesting issue:

At WIRED’s suggestion, Malik asked his wife to re-register her face to see what would happen. After Sherwani freshly programmed her face into the phone, it no longer allowed Ammar access. To further test it, Sherwani tried registering her face again a few hours later, to replicate the indoor, nighttime lighting conditions in which she first set up her iPhone X. The problem returned; Ammar unlocked the phone on his third try this time. It worked again on his sixth try. At that point, Malik says, the phone’s AI seemed to learn Ammar’s features, and he could consistently unlock it again and again.

What may have happened is that the AI behind the feature was trained on a mashup of both the mother’s and son’s faces. When a Face ID scan doesn’t match and the person has to enter a PIN instead, another image is taken to improve accuracy.

Even so, the family insisted that it wasn’t the case. But I know from experience that my 10-year-old daughter was easily able to guess my PIN code.

Apple said that the probability a random person could unlock your phone with Face ID is 1 in 1 million. That’s compared to 1 in 30,000 for Touch ID. But the odds of a false match are higher in many situations, including for children under 13. Here’s more from Apple’s Face ID support page:

The statistical probability is different for twins and siblings that look like you and among children under the age of 13, because their distinct facial features may not have fully developed. If you’re concerned about this, we recommend using a passcode to authenticate.

So just like yesterday’s video with the odd mashup mask, I’m not exactly worried about this latest “shocker.” If you’re worried, simply use a passcode, and hope kids (or your evil twin) aren’t looking over your shoulder.

As for me, I’ll stick with Face ID.
