Can Evil Twins Hack Apple iPhone X’s FaceID?

September 13, 2017, 4:46 PM UTC

The snazziest new feature on iPhone X, the highest-end handset Apple announced at the company’s Tuesday event, is Face ID.

This biometric technology scans, recognizes, and validates people’s mugs in order to unlock their phones. It’s meant to replace (or supplement) Touch ID, Apple’s fingerprint-scanning technology, as well as passcodes, iPhone’s version of a password.

The advance presents some nagging questions. Can a new do fool it? How about a cowboy hat? Natural aging? Facsimiles? An identical twin?

Phil Schiller, Apple’s vice president of product marketing, assured viewers of the unveiling that most of these concerns are illusory. “Face ID learns who you are and it adapts to you as your face changes over time,” he said, noting that new hairstyles and accessories are not enough to throw the tech off.

Apple worked with professional mask makers and makeup artists to ensure that lookalike forgeries would not trick the software, Schiller said. While a random fingerprint could dupe Touch ID with a success rate of one in 50,000, Face ID improves upon that figure twenty-fold to one in 1 million.

“Of course, the statistics are lowered if that person shares a close genetic relationship with you,” Schiller hedged.

Indeed, one must wonder: What’s stopping an identical twin from accessing the contents of his or her sibling’s device?

Sure, this question is irrelevant for the vast majority of the world population. On average, only about four in 1,000 births result in identical twins, according to scientific consensus. (Interestingly, that rate has been increasing in developed countries in recent decades.) But Schiller found the potential loophole compelling enough to address during his presentation.

“If you happen to have an evil twin, you really need to protect your sensitive data with a passcode. Hopefully, you don’t,” Schiller said.

Screenshot of Apple event live-stream

In other words, if you have an identical twin, the chances of that person being able to bypass Face ID and break into your iPhone X increase.

Despite the threat, this hack’s success is not a foregone conclusion. Microsoft (MSFT) has successfully demonstrated, using some of the same kinds of sensors in Apple’s new phone, an ability to keep identical twins out of one another’s devices with its own face ID tech, called Windows Hello, on computers running Windows 10.

It remains to be seen how Apple’s version stacks up. Until that’s determined, better to use a fingerprint or passcode, Mr. Spock.
