Unless you somehow have the time and energy to painstakingly handcraft a carbon copy of someone else’s face, there’s no getting around the iPhone X’s fancy new unlocking mechanism, Face ID. That is, unless — apparently —you’re a kid.
According to Wired, the most credible threat to your $1,000 phone’s super-high-tech security system is a 10-year-old — or, specifically, this 10-year-old.
(WARNING: Dabbing occurs in this video. Please prepare yourself.)
Earlier this month, Attaullah Malik and Sana Sherwani discovered that their 10-year-old son, Ammar Malik, could unlock his mom’s iPhone by merely walking into their bedroom and picking it up. According to Wired, the phone unlocked for the boy after a split second, leaving the whole family flabbergasted.
“It was funny at first, but it wasn’t really funny afterwards,” Malik said to Wired. “My wife and I text all the time and there might be something we don’t want him to see. Now my wife has to delete her texts when there’s something she doesn’t want Ammar to look at.”
When you think about the amount of technology that’s at play here, it’s pretty crazy that Ammar’s young face was able to successfully fool the phone. Face ID works by using Apple’s fancy new TrueDepth camera, which projects and analyzes over 30,000 dots to make a depth map of your face while also capturing an infrared image (which is how it works in the dark), and an A11 Bionic chip’s neural engine, which turns all that data into a comprehensive mathematical representation of your lovely ole mug.
“Apparently, TrueDepth camera’s depth map of my wife’s face … wasn’t accurate enough as it worked with my 10-year-old son,” Malik wrote in a LinkedIn post on the incident,”He doesn’t fall under the ‘twins’ exception and has a big age difference compared to my wife. His face is smaller than my wife’s face and the geometry of their faces don’t match, at least to human eyes. Also, the additional neural network present in iPhone X that’s trained to spot and resist spoofing doesn’t work as intended in this scenario.”
So why did this happen then? In all likelihood there are a number of factors at play here. According to Wired, the first time Sherwani set up Face ID on her iPhone X, she was inside, at night. This type of lighting can cause the phone’s facial authentication systems to be less accurate and perhaps even allow for a similar face to erroneously gain access. When Sherwani re-registered her face again in different lighting conditions, Ammar couldn’t get in.
The issue also likely has to do with how Face ID is set up to learn from us. If you try to use Face ID but get denied — due to a weird angle or some general AI funkiness — and then enter your passcode to gain entry, the AI is trained to treat that “denial” as a mistake, and will try to add that angle of your face to its “digital image” of you (a.k.a., learn from its mistake). Though Malik insists Ammar hadn’t touched the phone before it unlocked for him, it’s a plausible theory that could explain other similar situations.
If you take a peek at Apple’s lengthy information page on Face ID, they do have this to say on the subject (emphasis mine):
The probability that a random person in the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000 (versus 1 in 50,000 for Touch ID). As an additional protection, Face ID allows only five unsuccessful match attempts before a passcode is required. The statistical probability is different for twins and siblings that look like you and among children under the age of 13, because their distinct facial features may not have fully developed. If you’re concerned about this, we recommend using a passcode to authenticate.
“The take away here,” Malik wrote in his LinkedIn post, “is that we need to understand the limitation of a small mainstream consumer device such as a smartphone to provide true biometric security and adopt it with that awareness in mind.”