A 10-Year-Old Boy was managed to unlock his Mothers iPhone X by cracking the Face ID using nothing but… his own face.
Attaullah Malik and Sana Sherwani made that discovery earlier this month, when their fifth-grade son, Ammar Malik, walked into the bedroom of their Staten Island home to admire their new pair of iPhone Xs just after they’d set up Face ID. “There’s no way you’re getting access to this phone,” the older Malik remembers his wife telling her son, in a half-joking show of strictness.
Malik offered to let Ammar look at his phone instead, but the boy picked up his mother’s, not knowing which was which. And a split second after he looked at it, the phone unlocked.
The parents were shocked. Ten-year-old Ammar thought it was hilarious. “It was funny at first,” Malik told WIRED in a phone call a few days later. “But it wasn’t really funny afterward. My wife and I text all the time and there might be something we don’t want him to see. Now my wife has to delete her texts when there’s something she doesn’t want Ammar to look at.”
With Face ID, Apple has launched a grand experiment in a form of biometric security previously untested at this scale.
But aside from hackers actively trying to spoof Apple’s biometrics, facial recognition presents other, more accidental privacy issues. For one, family members with similar faces can unlock each other’s devices. Apple has, in fact, conceded that twins and even non-identical family members may sometimes be able to fool Face ID. But the case of spitting-image children unlocking their parents’ phones presents what might be Face ID’s most practical concern yet.
“We don’t want to disable Face ID. It’s very convenient. But this is a lot of hassle in terms of privacy,” says Malik, who works as the director of technology operations at tech firm Taskstream. He points out that a parent’s phone can offer access to apps that encompass everything from banking to food delivery.
“If my son had access to my wife’s phone and she had that app on it, he could order ice cream for himself whenever he wanted,” he says. (Malik was careful to note that Ammar is a “good kid” who isn’t likely to take advantage of his access to his mother’s phone. Malik also added that Ammar gets the best grades in his class.)
Every time a PIN is entered after a rejected face, Face ID is designed to treat that scan as a misfire, correcting itself so that it becomes more accurate over time. If those siblings entered a PIN after the wrong sibling’s face was rejected by Face ID, the system would have learned his features.
But Malik insists that’s not what happened in the case of his family. The phone unlocked the very first time Ammar looked at it, he says, and in later instances when his face didn’t unlock it, no one ever entered the PIN after any of the failed unlocking attempts.
The solution for anyone who doesn’t want to disable Face ID and rely on a PIN, Malik points out, is simply to try Face ID on your children after setting it up on yourself. “You should probably try it with every member of your family and see who can access it,” he says.
In the rare case it does unlock, try re-registering your face in different light and testing it again. And failing that, keep a close eye on your phone’s whereabouts whenever it’s within a child’s reach—and another eye on your ice-cream delivery app’s transaction history.
iPhone X will have 5.8-inch Super Retina display, A11 Bionic chip, wireless charging and an improved rear camera with dual optical image stabilization. And, iPhone X delivers an innovative and secure new way for customers to unlock, authenticate and pay using Face ID, enabled by the new TrueDepth camera.
Face ID revolutionizes authentication on iPhone X, using a state-of-the-art TrueDepth camera system made up of a dot projector, infrared camera and flood illuminator, and is powered by A11 Bionic to accurately map and recognize a face.