Your child may be able to unlock your new iPhone X simply by looking at it.

Seriously.

If you use Apple's Face ID technology - which unlocks iPhones by recognizing the user looking at the device - you may be at risk of having your child, parent, or other close family member being able to unlock your device without your authorization. Apparently, the similarity of appearance of close relatives can, at times, trick Face ID, which sometimes has difficulty distinguishing between close family members.

While it was previously known that FaceID has problems distinguishing between twins, such a failure impacts only a small portion of the population; people who are not twins - i.e., most people - were believed not to be at risk. That perception changed, however, with the discovery by researchers that the problem is much more substantial; the fact that FaceID sometimes cannot tell the difference between less-closely-related relatives is far more problematic. Parents normally do not want their young children to be able to unlock the parents' smartphones - and it was precisely this type of relationship that led to the discovery and reporting of the problem.

As initially reported by Andy Greeneberg in Wired:

Attaullah Malik and Sana Sherwani made that discovery earlier this month, when their fifth-grade son, Ammar Malik, walked into the bedroom of their Staten Island home to admire their new pair of iPhone Xs just after they'd set up Face ID. "There's no way you're getting access to this phone," the older Malik remembers his wife telling her son, in a half-joking show of strictness. Malik offered to let Ammar look at his phone instead, but the boy picked up his mother's, not knowing which was which. And a split second after he looked at it, the phone unlocked.

It should be noted that while humans may have difficulty distinguishing between identical twins, in almost all cases, a rational person can tell the difference between a 10-year old child and his mother. Yet, apparently, the biometric algorithms used by FaceID sometimes cannot ascertain who they see; authentication of familiar humans by visual cues is one area in which humans clearly still outpower technology.

FaceID has also fallen victim to tricks in which people create masks to match the biometrics of a device's legitimate owner - as was reported earlier this month with researchers from Vietnam demonstrating the hack in a YouTube video.

I discussed the current vulnerability with Jeff Schwartz, Vice President of North America Engineering at Check Point Software, whom I met at the Cyberhub Summit in Atlanta earlier this month. He pointed out that "Trying to reduce the bar for security rather than strengthen authentication can produce problems until the relevant technology is perfected." I agree. And I won't be using facial recognition technology for unlocking my phone anytime soon.

Published on: Nov 20, 2017
Like this column? Sign up to subscribe to email alerts and you'll never miss a post.