10-Year-Old Unlocks Face ID on His Mother’s iPhone X as Questionable Mask Spoofing Surfaces

A new video has surfaced of a 10-year-old child unlocking his mother's iPhone X with his face even though Face ID was set up with her face.


The parents, Attaullah Malik and Sana Sherwani, said their fifth-grade son Ammar Malik simply picked up his mother's new iPhone X without permission and, to their surprise, unlocked the device with his very first glance.

"We are seeing a flood of videos on YouTube from iPhone users who have gotten their hands on the new iPhone X and are trying to trick the Face ID. When my wife and I received our iPhone X, we had no such intention. However, things changed right after we were done setting up our new iPhones on November 3rd. We were sitting down in our bedroom and were just done setting up the Face IDs, our 10-year-old son walked in anxious to get his hands on the new iPhone X. Right away my wife declared that he was not going to access her phone. Acting exactly as a kid would do when asked to not do something, he picked up her phone and with just a glance got right in."

The younger Malik was then consistently able to unlock his mother's iPhone X, according to his parents. He was even able to unlock his father's iPhone X, but only on one attempt, which he has since been unable to replicate.


WIRED reporter Andy Greenberg suggested that Sherwani re-register her face to see what would happen. Upon doing so, the iPhone X no longer allowed Ammar access. Interestingly, after Sherwani tried registering her face again a few hours later in the same indoor, nighttime lighting conditions in which she first set up her iPhone X, the son was able to regain access with his face.

The parents clarified that no one ever entered the iPhone X's passcode after any of the failed unlocking attempts. That's important, since when Face ID fails to recognize you but the match quality is above a certain threshold, and you immediately enter a passcode, the TrueDepth camera takes another capture to improve its reliability.

Apple explains in its Face ID security paper:

"Conversely, if Face ID fails to recognize you, but the match quality is higher than a certain threshold and you immediately follow the failure by entering your passcode, Face ID takes another capture and augments its enrolled Face ID data with the newly calculated mathematical representation. This new Face ID data is discarded after a finite number of unlocks and if you stop matching against it. These augmentation processes allow Face ID to keep up with dramatic changes in your facial hair or makeup use, while minimizing false acceptance."

Given no passcode was ever entered, we can assume that Face ID never learned and adjusted for the son's face.

The same Face ID security paper states that the probability of a false match is higher among children under the age of 13, because their distinct facial features may not have fully developed. Given that the child is only 10 years old, and given what Apple has disclosed, what's shown in the video isn't a surprising flaw.

Nevertheless, the video is further evidence that Face ID isn't 100 percent foolproof given just the right circumstances. If you are concerned about this, Apple merely recommends using only a passcode to authenticate.

In related news, Vietnamese security firm Bkav recently shared a video in which it was able to spoof Face ID with a mask. The video is generating headlines since Apple said Face ID uses sophisticated anti-spoofing neural networks to minimize its chances of being spoofed, including with a mask.


The mask was supposedly crafted by combining 3D printing with makeup and 2D images, with some special processing done on the cheeks and around the face. Bkav said the supplies to make it cost roughly $150.

We're skeptical about the video given the lack of accompanying details. For instance, Bkav hasn't specified whether it disabled Face ID's default "Require Attention" feature, which provides an additional layer of security by verifying that you are looking at the iPhone before authentication is granted.

Even if the video is legitimate, it's hardly something that the average person should be concerned about. The chances of someone creating such a sophisticated mask of your facial features would seem extremely slim.

Apple so far has not responded to the videos, beyond pointing reporters to its existing Face ID security paper we linked to above.

Apple’s Head of Chip Design Talks About Face ID Security and More in Israeli Interview

Johny Srouji, Senior Vice President of Hardware Technologies at Apple, recently talked about Israel's contributions to Apple products, Face ID security, augmented reality, and more in a wide-ranging interview with Calcalist.


For context, Srouji leads the team responsible for custom silicon and hardware technologies like batteries, storage controllers, and application processors, including the new A11 Bionic chip in the iPhone 8, iPhone 8 Plus, and iPhone X.

The interview was published in Hebrew, so the quotes herein are loosely translated to English and may not be perfectly word for word.

Srouji started by complimenting Israel, where he was born and raised, for its significant contributions to Apple products. He said Apple now employs over 900 engineers in Israel, up from a reported 700 or so in 2015.

A few years ago, Apple opened research and development offices in Haifa, north of Tel Aviv, with the facilities serving as the iPhone maker's second-largest R&D operations outside of the United States at the time.

There, a team of engineers is focused on chip design, testing, and engineering, according to Apple's job listings over the years.

"The things we do in Israel are a significant part of every Apple device in the world," said Srouji. He went on to say "the team in Israel is part of this long-term vision of excellence and perfection, so we're here for the long term."

Apple has also acquired several Israeli companies over the years, including PrimeSense, which developed the original Kinect sensor for Xbox. PrimeSense's 3D sensing tech is believed to be at the core of Face ID on the iPhone X.

Apple later scooped up Israeli startup LinX, whose dual-lens camera technologies are likely used in the latest iPhone models. It also bought Israeli flash memory firm Anobit Technologies and facial recognition startup RealFace.

The interview later shifted to Face ID, which Srouji said is "the fastest and most secure" facial recognition system in the industry.

"Take the subject of user attention for identification," said Srouji. "If I am not fully aware of the device—i.e. looking at it with my face directly—there is no detection." He told the interviewer "you have to be happy about it because imagine you have the phone and I go aside and I can create a fake of it."

Srouji also reflected on Apple's new augmented reality platform ARKit. He said Apple is always looking far ahead with its chip designs, with a three-year roadmap leading into 2020. Read the full interview for his complete vision.




Future HomePod Models Could Include Face ID Technology

A new rumor out of Apple's supply chain over the weekend suggests future iterations of the HomePod could come with 3D-sensing cameras supporting Face ID, similar to the front-facing technology on the iPhone X. Specifically, Inventec Appliances president David Ho mentioned recently that the company sees a trend towards both facial and image recognition technology being incorporated into smart speakers, without specifying which speakers in particular (via Nikkei).

Ho made the comment following Inventec's latest earnings conference, and analysts listening predict that he was likely referring to "the next generation of Apple's HomePod." Inventec Appliances is currently the sole supplier of both Apple's AirPods and HomePod, but also makes Xiaomi smartphones, Fitbit devices, and Sonos speakers, among others. Given the company's ties to Apple, analyst Jeff Pu predicts Ho's comments could suggest a Face ID-enabled HomePod in 2019.

"We see trends that engineers are designing smart speakers that will not only come with voice recognition but also incorporate features such as facial and image recognition," President David Ho told reporters after the company's earnings conference.

Jeff Pu, an analyst at Yuanta Investment Consulting, said Apple could roll out HomePods with 3D-sensing cameras in 2019.
Ho said that facial recognition features "are set to make people's lives more convenient and to make the product easier to use." He further clarified his comments, however, citing hesitancy about whether smart speakers "with more AI features" would become popular.

HomePod is set to release in December, although Apple has yet to confirm a specific release date for the new device. The upcoming smart speaker was first revealed during WWDC in June, where Apple explained it would be a music-focused speaker with high quality sound, deep Siri integration, and spatial recognition for providing the best sound in any space. Even before it was officially announced, rumors of the device's production were connected to Inventec Appliances.

Over a year before its unveiling at WWDC 2017, Apple's "Siri Speaker" was rumored to include facial recognition of some kind as another leg up on competing Echo products from Amazon. At the time, sources with knowledge of Apple's project said the device would be "self aware" and able to bring up different user profiles as people walk into a room, "such as the music and lighting they like." The HomePod launching next month will lack any such features and instead be controlled mainly through voice-enabled user prompts with Siri.


Face ID Appears to Fail at Telling Apart Brothers Who Aren’t Twins in New Videos

With the iPhone X now in the hands of thousands of customers around the world, many early adopters are putting Face ID to the test to see if Apple's facial authentication system is as secure as it advertises.


Apple says the probability that a random person in the population could look at someone else's iPhone X and unlock it using Face ID is approximately 1 in 1,000,000, compared to 1 in 50,000 for Touch ID, but it notes the probability of a false match is different for twins and siblings who look like you.

We've already seen that Face ID can be fooled by identical twins, and now a video shared on Reddit appears to confirm that Face ID can sometimes fail to distinguish between siblings who aren't twins but have similar appearances.


In the video, the sibling who set up Face ID on his iPhone X was able to unlock the device with his face as expected. Next, he handed the iPhone to his brother. Face ID didn't authenticate his brother's face upon first attempt, but once he put on a pair of black rim glasses, his face was able to unlock the iPhone X.

Apple has been very transparent that Face ID can be less reliable in these situations, so the video doesn't come across as a PR disaster in the making for the company. But it does illustrate that Face ID isn't 100 percent failproof.

For those concerned about the security of their iPhone X in these cases, Apple's only recommendation is to use a traditional passcode instead of Face ID for authentication. Unfortunately, at least for the time being, that means disabling one of the key new features of a smartphone that costs at least $1,000.

Update: A similar video has surfaced of two half-brothers unlocking the same iPhone X with Face ID. The younger brother is supposedly 14 years old.


Not only do the siblings look somewhat similar, but Apple said the probability of a false match is also different among children under the age of 13, because their distinct facial features may not have fully developed. Perhaps the 14-year-old brother falls within that category, even if slightly older.


1Password 7 Launching With Support for iPhone X, Face ID, Drag and Drop on iPad, Quick Copy, and More

AgileBits today is releasing 1Password 7 for iOS with several new features, just one day before the iPhone X launches around the world.


1Password has been redesigned with the iPhone X's new screen size and dimensions in mind. The app now supports Face ID for unlocking with the iPhone X's facial recognition system, in addition to the existing options of using Touch ID on older iPhone models or manually typing in a master password.

An all-new feature called Quick Copy makes it quicker to copy and paste usernames, passwords, and one-time passwords into apps that don't support the 1Password extension. Simply open 1Password, copy the username for an app, switch to that app, paste your username, and then switch back to 1Password.


Without needing to do anything else, 1Password will put the password on the clipboard, meaning you can switch immediately back to the other app and paste it. If you're logging into a site or service that supports one-time passwords, you can repeat the same app switching process to quickly get the one-time password.

1Password 7 also has a redesigned Favorites tab with drag and drop support on iPads running iOS 11 or later, support for Handoff across iOS devices, keyboard shortcuts for external keyboards, and a slightly refreshed app icon.


1Password is a popular password manager for securing usernames, passwords, credit cards, addresses, notes, bank accounts, driver's licenses, passports, and more behind one master password, with end-to-end encryption. A built-in password generator lets you create strong, unique passwords and memorizable pass-phrases.

1Password 7 will be available today as a free update on the App Store for iPhone and iPad. An individual subscription costs $2.99 per month, which includes hosted service across Mac, iOS, Android, Windows, and 1Password.com.


Privacy Experts Raise Concerns Over iOS Developer Access to Certain Pieces of Facial Data

The iPhone X's facial recognition abilities continue to be found at the center of privacy concerns, with the American Civil Liberties Union and the Center for Democracy and Technology today raising questions over how "effectively" Apple can enforce certain privacy rules surrounding face scanning (via Reuters). Specifically, the privacy defending groups are worried about how certain pieces of facial data can be taken off the iPhone X by developers who seek to create entertainment features with the new smartphone's facial software.

Facial data that is used to unlock the iPhone X -- or data related to "Face ID" -- is securely stored on the device itself and not in iCloud. However, Apple will let developers take certain pieces of this facial data off the user's iPhone "as long as they seek customer permission and not sell the data to third parties," according to terms seen in a contract by Reuters. This means that developers who want to use the iPhone X's front-facing camera can get a "rough map" of the user's face, as well as a "stream of more than 50 kinds of facial expressions."


The data that developers can gather -- which can then be stored on the developer's own servers -- is said to help monitor how often users blink, smile, or even raise an eyebrow. Although this data can't unlock the iPhone X, according to documents about Face ID sent to security researchers, the "relative ease" with which developers can gain access to parts of a user's facial data and add it to their own servers has led to the new concerns raised by the ACLU and CDT today.

"That remote storage raises questions about how effectively Apple can enforce its privacy rules, according to privacy groups such as the American Civil Liberties Union and the Center for Democracy and Technology. Apple maintains that its enforcement tools - which include pre-publication reviews, audits of apps and the threat of kicking developers off its lucrative App Store - are effective."

"[...] But the relative ease with which developers can whisk away face data to remote servers leaves Apple sending conflicting messages: Face data is highly private when used for authentication, but it is sharable - with the user’s permission - when used to build app features."

According to Jay Stanley, a senior policy analyst at the ACLU, the privacy issues surrounding facial recognition in the context of unlocking a smartphone "have been overblown." Stanley explained, "The real privacy issues have to do with access by third-party developers." The experts concerned about Face ID in this context are also not worried about "government snooping," but more about marketers and advertisers tracking how a user's expression reacts to their ads.

Apple has strict policies against developers using face data for advertising and marketing, but those concerned groups cited worry about the company's "inability to control what app developers do with face data once it leaves the iPhone X." Stanley said that "the hard part" for Apple will come from having to find and catch the apps that might be violating these policies, meaning that the big household names probably won't be of concern to Apple, "but there's still a lot of room for bottom feeders."

Now that the iPhone X is in the hands of reviewers, many have said that Face ID works quite well in many different conditions. Some outlets have tried to fool Face ID with large pieces of clothing, sunglasses, and "twin tests," the last of which have come back with mixed results. In its ongoing efforts to reassure customers of Face ID's security and privacy, Apple released an in-depth security white paper in September to highlight and explain some of these features of Face ID.


U.K. Mobile Banking Apps Begin Offering Face ID Authentication Support

Two U.K. banks today updated their mobile apps to support Face ID, the facial authentication feature exclusive to iPhone X, which officially launches on Friday, November 3.

Nationwide and Bank of Scotland became the first mobile banking apps in the U.K. to provide compatibility with Apple's new facial recognition technology, which is set to replace Touch ID fingerprint authentication on all future iPhones and iPads, according to respected KGI Securities analyst Ming-Chi Kuo.


The two banking apps already provide a Touch ID option to authenticate customers when they attempt to log in to their accounts, so the fact that Face ID is being offered as an alternative option shows that the financial sector has full trust in Apple's new security technology, despite tests showing that it can be fooled by identical twins.

Apple has admitted that Face ID may not be able to distinguish between identical twins and in such cases recommends users protect sensitive data with a passcode instead. Otherwise, Apple says the chance that a random person in the population could look at your iPhone X and unlock it with their face is about one in a million (compared to one in 50,000 for Touch ID).

Face ID has proved to be reliable in early iPhone X reviews and first impressions, and it's also considered easy to set up and use, but Apple likely still has some work to do to convince the general public that facial authentication is the future. According to research conducted by Top10VPN.com in October, over half (60 percent) of British consumers remain unconvinced by facial recognition. Only two in five (40 percent) consumers believe Face ID is a good idea, while 79 percent of Brits prefer to unlock their devices with a fingerprint or passcodes. (Poll sample size: 2,048 adults.)


iPhone X Face ID ‘Twin Tests’ Emerge With Mixed Results

Now that the media has had hands-on time with the iPhone X, the new smartphone is being put through its paces in a few areas, including Face ID. Since the iPhone X's new biometric security system has already been at the forefront of much debate and skepticism, most review and hands-on coverage has tried to fool Face ID, including Mashable and Business Insider running a "twin test" to see if one iPhone X unlocks for identical twins.


Mashable ran its test by asking two different sets of identical twins to try to unlock the iPhone X, first by having one twin register their face in Face ID and confirm it unlocks for them. Then, the second twin held up the iPhone X to their face -- not registered in the device -- to see if they could get into their sibling's iPhone. In both instances of Mashable's twin test, the iPhone X successfully unlocked using the face of the non-registered twin, fooling Face ID completely.

"With both sets of twins, the other twin unlocked the iPhone X, even though neither one had registered his face with Face ID on the iPhone X. With the Franklin twins, we had both brothers remove their glasses and had the other brother register. Again, Face ID failed to tell the difference."

"Look, Apple never claimed Face ID was perfect and, in my tests, it could not be fooled by photos or videos of my registered face. Still, these results do not bode well for all the identical twins out there, to say nothing of triplets and quintuplets."

Interestingly, Business Insider's results contrasted directly with Mashable. In its test, Business Insider first had one twin register his face and then simply try to fool Face ID by wearing a hat, glasses, and a scarf, and Apple's security system unlocked every time. Then, his identical twin brother raised the iPhone X in front of his face, but the device repeatedly failed to open and was apparently able to distinguish between the two brothers.

"I was pretty shocked that the iPhone X could really pick apart the details between me and my brother considering some of our own family members can’t tell us apart. So, yeah, it was a pleasant surprise knowing that Brian can't break into my iPhone X and I can’t break into my brother's."

It's worth noting that Apple itself admitted that Face ID may not be able to distinguish between identical twins during the iPhone X unveiling on September 12. Phil Schiller said at the time: "The chance that a random person in the population could look at your iPhone X and unlock it with their face is about one in one million. Of course, the statistics are lowered if that person shares a close genetic relationship with you. So, for example, if you happen to have an evil twin, you really need to protect your sensitive data with a passcode."

Face ID also runs using the smartphone's A11 Bionic chip with a built-in neural engine and Apple has said that it will get smarter over time, so in the future more sets of twins might discover that Face ID more accurately tells them apart from their siblings.


Apple Reportedly Reduced Face ID Accuracy to Speed Up iPhone X Production

Several reports in recent months have covered Apple's struggle to ensure significant components for the upcoming iPhone X can be produced in large enough quantities to meet demand, with the main culprit being the 3D sensing modules that power the phone's TrueDepth camera and Face ID technology. In a surprise development, a new Bloomberg report today claims that Apple overcame its production challenges by quietly telling suppliers they could reduce the accuracy of the face recognition technology to make the iPhone X easier to manufacture.

Apple's production struggles have centered on the complex 3D sensor, which consists of a dot projector, flood illuminator, and infrared camera. The flood illuminator beams infrared light, which the camera uses to establish the presence of a face. The projector then flashes 30,000 dots onto the face which the phone uses to decide whether to unlock the home screen. Specifically, Apple has had trouble making enough of the fragile modules that combine to make up the dot projector, as Bloomberg reports:

"Precision is key. If the microscopic components are off by even several microns, a fraction of a hair's breadth, the technology might not work properly, according to people with knowledge of the situation."

The delicacy involved in this production challenge has reportedly been further hampered by Apple losing one of its laser suppliers early on. According to the report, California-based Finisar failed to meet Apple's specifications in time for the start of production, and now the company is racing to meet the standards by the end of October. That has left Apple reliant on fewer laser suppliers than it originally expected.

To compound the issue, the fragility of the components created problems for Apple suppliers LG Innotek and Sharp. At one point, only about 20 percent of the dot projectors the two companies produced were usable, according to a person familiar with the manufacturing process. The suppliers reportedly slowed production in an effort to prevent breakages and ensure the required level of precision – a decision apparently mandated by Apple.

"To boost the number of usable dot projectors and accelerate production, Apple relaxed some of the specifications for Face ID, according to a different person with knowledge of the process. As a result, it took less time to test completed modules, one of the major sticking points, the person said."

It's not clear how much the new specs will reduce the technology's efficacy. As the report notes, a downgraded Face ID will probably still be far more accurate than Touch ID, where the odds of someone other than the owner of a phone being able to unlock it are one in 50,000. Even so, Apple is famously demanding on suppliers and manufacturers to help it make technological leaps and retain a competitive edge, which makes this story about the company choosing to downgrade the accuracy of Face ID all the more surprising, even if real-world functionality remains unaffected.

As it stands, Apple appears to have overcome the biggest production hurdles. Sharp is reportedly working to bring the production yield for dot projectors above 50 percent, while LG Innotek has already surpassed that level, which both companies are said to consider acceptable. As a result the 3-D sensor shortage is expected to end in early 2018, according to the report.

KGI Securities analyst Ming-Chi Kuo predicts Apple will have two to three million handsets available on launch day and 25 million to 30 million units for the holiday quarter, down from his previous forecast of 40 million. Pre-orders for the iPhone X begin this Friday, October 27 at 12:01 a.m. Pacific Time. Apple has said there will also be some stock of the smartphone for walk-in customers arriving early to its retail locations on November 3, the official iPhone X launch day.
