Hacking Face ID, the facial recognition system built into Apple's iPhone X, isn't easy. Unless, it turns out, you're a very specific hacker—say, a rare 10-year-old kid, trying to break into the phone of whichever of your parents looks the most like you.
Attaullah Malik and Sana Sherwani made that discovery earlier this month, when their fifth-grade son, Ammar Malik, walked into the bedroom of their Staten Island home to admire their new pair of iPhone Xs just after they’d set up Face ID. “There’s no way you’re getting access to this phone,” the older Malik remembers his wife telling her son, in a half-joking show of strictness.
Malik offered to let Ammar look at his phone instead, but the boy picked up his mother's, not knowing which was which. And a split second after he looked at it, the phone unlocked.
The parents were shocked. Ten-year-old Ammar thought it was hilarious. "It was funny at first," Malik told WIRED in a phone call a few days later. "But it wasn't really funny afterward. My wife and I text all the time and there might be something we don’t want him to see. Now my wife has to delete her texts when there's something she doesn’t want Ammar to look at."
With Face ID, Apple has launched a grand experiment in a form of biometric security previously untested at this scale. For the most part, that gamble has paid off; WIRED's failed attempts to fool the system hint at how it defeats the most straightforward attempts at spoofing, and even the Vietnamese hackers who recently claimed to have defeated Face ID used a largely impractical technique. Their method required obtaining a detailed digital scan of their victim's face, and building a mask out of 3-D-printed plastic, silicone, makeup, and paper.
But aside from hackers actively trying to spoof Apple's biometrics, facial recognition presents other, more accidental privacy issues. For one, family members with similar faces can unlock each other's devices. Apple has, in fact, conceded that twins and even non-identical family members may sometimes be able to fool Face ID. But the case of spitting-image children unlocking their parents' phones presents what might be Face ID's most practical concern yet.
"We don’t want to disable Face ID. It’s very convenient. But this is a lot of hassle in terms of privacy," says Malik, who works as the director of technology operations at tech firm Taskstream. He points out that a parent's phone can offer access to apps that encompass everything from banking to food delivery.
"If my son had access to my wife's phone and she had that app on it, he could order ice cream for himself whenever he wanted," he says. (Malik was careful to note that Ammar is a "good kid" who isn't likely to take advantage of his access to his mother's phone. Malik also added that Ammar gets the best grades in his class.)
As Malik tells it, after his wife first registered her face in the phone, his son was able to dependably unlock his wife's iPhone X, as captured in the video above that he shared with WIRED, and wrote in a post on LinkedIn. When Ammar tried his father's phone instead, it also unlocked, but only on one attempt, which he has since been unable to replicate. Malik found that especially puzzling, since he says his son's face is clearly smaller than his wife's, and the two have somewhat different features. "People generally say he looks more like me," Malik says.
At WIRED's suggestion, Malik asked his wife to re-register her face to see what would happen. After Sherwani freshly programmed her face into the phone, it no longer allowed Ammar access. To further test it, Sherwani tried registering her face again a few hours later, to replicate the indoor, nighttime lighting conditions in which she first set up her iPhone X. The problem returned; Ammar unlocked the phone on his third try this time. It worked again on his sixth try. At that point, Malik says, the phone's AI seemed to learn Ammar's features, and he could consistently unlock it again and again.
All of that suggests that in the right conditions—and if parents aren't aware of the possibility—a lucky child might be able to unexpectedly access his or her parent's secrets. "Not everyone will have done this sort of testing, or they might not be aware that someone else in their family can log into the phone," says Malik.
It's not clear how widespread the Face ID's family problem extends, or if other kids have been able to unlock their parents' iPhone Xs. Apple didn't respond to WIRED's request for comment, beyond pointing to its Face ID security white paper and support page, which states that "the statistical probability is different for twins and siblings that look like you and among children under the age of 13, because their distinct facial features may not have fully developed. If you're concerned about this, we recommend using a passcode to authenticate."
Malik and Sherwani's son isn't the only unexpected relative who's been able to unlock an iPhone X. So have non-identical siblings, including this pair of brothers, and another pair of British half-brothers with a significant age gap between them, shown below.
In those cases, however, the siblings may have purposefully or inadvertently trained their iPhone X on a composite of the two faces. Every time a PIN is entered after a rejected face, Face ID is designed to treat that scan as a misfire, correcting itself so that it becomes more accurate over time. If those siblings entered a PIN after the wrong sibling's face was rejected by Face ID, the system would have learned his features.
But Malik insists that's not what happened in the case of his family. The phone unlocked the very first time Ammar looked at it, he says, and in later instances when his face didn't unlock it, no one ever entered the PIN after any of the failed unlocking attempts.
The solution for anyone who doesn't want to disable Face ID and rely on a PIN, Malik points out, is simply to try Face ID on your children after setting it up on yourself. "You should probably try it with every member of your family and see who can access it," he says.
In the rare case it does unlock, try re-registering your face in different light and testing it again. And failing that, keep a close eye on your phone's whereabouts whenever it's within a child's reach—and another eye on your ice-cream delivery app's transaction history.
More From this publisher : HERE
If you like our content help us with a share… or two …
Also - I have some free stuff for you .......
Nr 1. In This FREE Report you can Discover:
Secrets to acquiring the freshest, hottest leads via YouTube In-Stream ads quickly and easily! Best secret tips for the most effective targeting for your ads! Totally legal, but little-known method for literally stealing traffic from your competitors! Get more traffic to your videos and landing pages without spending a fortune! And much more - all within this special FREE report!
Nr 2. Did you know you can Absolutely EXPLODE YOUR EMAIL LIST FOR FREE with UNTOUCHED offline sources?
Nr 3. The #1 secret to becoming an affiliate superstar - Earn your first $100 online – without a dime to invest.
If you’re still looking to “make it online – I have just the thing for you. It’s a video series that shows how to make your first $100 online – even if you don’t have a dime to invest. Yes – nothing. Free. Nada. Is this possible? You bet. It’s the most powerful system used by those “in the know”. Good things don’t have to be difficult. And they don’t only come to those who wait. Have A Look
Nr 4. Top 10 Email Marketing Mistakes. Which of these mistakes do you make?
Nr 5. You can learn about : The hottest social networking site that will send an unlimited stampede of traffic to your site - for FREE! How to quickly locate a swarm of hungry buyers using "information portals"! The fast and easy way to use simple images to siphon targeted traffic, on command! Learn how to get the most possible traffic from Instagram, and make sure that traffic converts! And much more ...
Nr 6. It’s no secret… Facebook is an incredible place to get tons of free, viral traffic. But… most people are going about it all wrong. How many of these mistakes are you making? Download the free report to find out.
Nr 7. Special free report . It's called "Operation Midas Touch" and you can download it here...
The report features a surefire method for generating at least $1000 per week online,without a website or product of your own!
Nr 8. Instagram is still one of the hottest ways to get a LOT of traffic fast. All by sharing images. Sounds easy enough, yeah? Well, yes and no. If you want to really start driving a lot of traffic and making sales using Instagram then you should download this report.
Nr 9. When it comes to creating a product online there are so many ways to approach it. Wouldn’t it be great to just get the meat of it all so you can get started faster? Well, the good news is, today you can download a guide called the Product Creation Formula Quickstart Guide. It’s as the title suggests - a Quickstart guide. You’ll get a list of action steps to take right away. Download your copy today !
Nr 10. Would you like to finally USE all of that dusty PLR you have sitting around on your harddrive? Or maybe find the resources for the best PLR available - at the best prices? What about how to use that PLR to make you money with just a few minutes of work. Well, you’re not going to want to miss this!
Nr 11. Buzzfeed’s top post has more than 21 million views. Think about that for a sec… ONE of their articles has had over 21 million people who have read it! And they have thousands of articles... what would you do with that kind of traffic? A friend of mine hacked their method and was able to use it to get 11,592 targeted new subscribers in 2 weeks on their very first attempt!
Nr 12. Push notifications are one of today's hottest trends in website traffic and conversions, and for good reason. Studies have shown that as many as 40% of people will opt-in for push notifications, which is about TEN TIMES the rate of people who opt-in for emails! That’s huge! Not only that, but they're also highly effective at pulling clicks, as well. Some studies have shown CTR at an average of around 40%, with highs of as much as 80%! Again, that’s huge!
Nr 13. Would you like to know how to get more money from the exact same number of website visitors you’re currently getting? Even if you’re website is getting as few as 1-2 visitors a day, this report will show you how to increase your profits using these few handy hacks.
Nr 14. People have now realised that it's not the size of the list which matters, it's the quality. ... and the only way to create a quality list is by launching your own products. Let it be $7 ebooks, $17 info products, $27 video training product or software's... all of these work. My good friend Kevin Fahey has is revealing how he's launched over 20 products in the past 4 years, many of them top sellers. Needless to say he's banked a handsome amount in this time.
Nr 15. Do you ever feel that the man you like or even love, just doesn't see you or desire you in way you want him to? Or... maybe you're able to get a man's attention though not the right kind of attention? Or... maybe you're still single because you wait and wait for men to approach you first? What you may not know is that the way we flirt will either attract the "wrong" man for us or the "right" man.
Nr 16. When it comes to getting sales and leads online, there is ONE thing that 95% of marketers use... it's called a LIST. My friend Jimmy just released a free book that explains WHY a list is important and how YOU can build your own list. It's available right here (and it won't cost you a penny)
Nr 17. If you have tried everything, and still aren't able to get your Ex back, then you need to pay attention.
Nr 18. What if I told you that you could make ANY woman WANT to do ANYTHING for you? Would you think I'm crazy? Well... what If I told you that you could also make her LOVE every minute of it and come back for more?
Nr 19. I have a special free plugin for you today. It's called "Covert Hover Mini"
This plugin will triple your blog traffic by compelling your visitors to share your images on social media. This is some really clever stuff and it works like a charm. After you grab your free plugin, don't forget to read the free bonus report as it will show exactly how and why this strategy works like crazy.
Nr 20. The days of being able to get away with a basic WP theme and a pic or two are gone, your site needs to look good. Even Google are looking for you to have engaging graphics on your site. But getting good quality graphics made for your site is a pain, AND it will cost you both time and money (if you outsource it). But I have a special free download for you today. A virtual treasure chest of over 21K profit pulling graphics you can start sing today to generate more traffic & sales!
Nr 21. 20 professional full HD background videos. These background videos are perfect for giving your videos that extra kick they need to stand out from the crowd Oh yeah they are in full 1080p HD too, I hope you'll enjoy them.
Nr 23. No doubt, you've seen all of the video launches lately! There is a reason for it... Video marketing is a GREAT way to make money, and with the recent creation tools making it super accessable for anyone to get started... It's no surprise that more people are making videos. However... there is a missing element to most video marketing products...
Nr 24. For the first time ever... You can get the straight scoop on how someone is selling over $1,000,000/year of t-shirts on Facebook!Use them .... and have fun !