Hackers, and everyday consumers, who have bought Apple’s iPhone X, are trying to crack Face ID, the new facial recognition security feature that allows you to use your face, rather than your thumbprint or passcode, to log into your mobile device.
Now it appears, one of the earliest to achieve the feat is a 10-year-old boy.
Attaullah Malik and Sana Sherwani, parents of fifth-grader Ammar Malik, have recounted the hacking of the unhackable Face ID software in a video on youTube, a post on LinkedIn, and in an interview with Wired.
Attaullah Malik, who is director of technology operations at Taskstream, wrote that he and his wife had no intention of trying to trick Face ID.
“However, things changed right after we were done setting up our new iPhones on November 3rd,” Attaullah Malik wrote. “We were sitting down in our bedroom and were just done setting up the Face IDs, our 10-year-old son walked in anxious to get his hands on the new iPhone X. Right away my wife declared that he was not going to access her phone. Acting exactly as a kid would do when asked to not do something, he picked up her phone and with just a glance got right in.”
Here’s a video of showing Ammar Malik unlocking the iPhone X.
Apple has said that twins might be able to bypass the security features. But as Attaullah Malik notes in a post on LinkedIn, his son shouldn’t have been able to unlock Face ID. He wrote:
TrueDepth camera’s depth map of my wife’s face, which was created by projecting and analyzing over 30,000 dots, wasn’t accurate enough as it worked with my 10-year-old son. He doesn’t fall under the “twins” exception and has a big age difference compared to my wife. His face is smaller than my wife’s face and the geometry of their faces don’t match, at least to human eyes. Also, the additional neural network present in iPhone X that’s trained to spot and resist spoofing doesn’t work as intended in this scenario.
Attaullah Malik used the post as a cautionary tale meant to encourage users to understand limitations of a “smartphone to provide true biometric security and adopt it with that awareness in mind.”
The first reported case of researchers apparently being able to fool the Face ID software came earlier this month from Vietnamese cybersecurity firm Bkav.
A researcher with the firm demonstrated to Reuters how he apparently fooled Apple‘s face recognition ID software using a mask made with a 3D printer, silicone, and paper tape. Bkav said it cracked Apple’s Face ID, and provided a video showing an iPhone being unlocked when pointed at a mask. The video and Bkav’s claims have been met with some skepticism.
More on iPhone X: The Seven Most Interesting Experiences With iPhone X
Other reviews of the iPhone X, notably Nilay Patel at The Verge and James Martin at CNET have reported that when they used the iPhone in “bright sunlight,” the smartphone’s face scanner became “inconsistent.” Patel suggests in his review that the problem might be due to infrared light and the iPhone X not being able to consistently adapt to it.