Apple introduced Face ID feature with the iPhone X, and the company claims that the method is far more secure than Touch ID technology. However, according to a report in The Wired, a 10-year-old boy was able to bypass the system by unlocking his mother’s iPhone X. On one occasion, the boy was also able to unlock his father’s phone. This means that family members who bear resemblance might be able to unlock each other’s device.
In a video, the mother and son duo demonstrate how they were able to unlock the same iPhone X (which had the Face ID set up for mother’s face) using both of their faces. Notably, unlike Touch ID, which can enroll multiple fingerprints; the Face ID feature can register only one face.
The Wired report points out that the son could unlock his mother’s iPhone X the first time she set her face. She registered her face under a different lighting thereafter, and this time her son couldn’t unlock the device. However, when she set up the security mechanism the third time in dimmer lighting, then her son was able to unlock her iPhone X again.
Of course, implications of this could be big as a lot of times parents wouldn’t want their children to see everything that they have on their phone. However, it looks like an isolated incident for now as we’ve not come across more similar reports. Apple, in a security paper, has already said that children under 13 years of age (especially bothers or sisters) shouldn’t use facial recognition as their faces could be too similar to each other.
“The probability of a false match is different for twins and siblings that look like you as well as among children under the age of 13, because their distinct facial features may not have fully developed. If you’re concerned about this, we recommend using a passcode to authenticate,” Apple’s Face ID security paper reads.
Meanwhile, a team of researchers from Vietnamese security firm Bkav claim to have fooled the Face ID authentication system using a composite 3D-printed mask. The Bkav security experts who also posted a video on how they did this said Face ID can be fooled by mask, which means it is not an effective security measure.