Cracking Apple’s FaceID security protocol in the iPhone X has become a popular game for hackers.
This week a firm used 3D printing and modelling to create a mask that allowed somebody who wasn’t the owner of the handset to unlock the iPhone X.
There are a few problems with this method, the biggest being making a 3D model of a face is not going to be the easiest thing for a criminal trying to get banking details.
But now something a bit more concerning has bubbled up to the surface.
In a report on Kitguru Sana Sherwani says that she set up FaceID on her new handset only for her 10-year old son Ammar Malik to glance at the handset and have it unlock. Compliment or offense, you decide.
The problem appears to have been with how Sherwani set up her FaceID. Upon redoing the enrolment process in better lighting her son was no longer able to access the handset.
But there is another problem with FaceID that might become more problematic especially within a family.
Reading through Apple’s documentation on FaceID security there is a section that reads, “if Face ID fails to recognise you, but the match quality is higher than a certain threshold and you immediately follow the failure by entering your passcode, Face ID takes another capture and augments its enrolled Face ID data with the newly calculated mathematical representation.”
If this new data is not matched for a while the system will discard it but in the instance of a family where smartphones might be shared like a pack of gum in our office this could become problematic after a while.
We also believe that genetics have a role in fooling FaceID. Ammar and his mum have very similar features (they are mother and son after all) so perhaps this was FaceID giving Ammar the benefit of the doubt.
The lesson is clear though, don’t let your family members use your iPhone X. You can tell them its for security reasons.