iPhone X Security: The Reliability of FaceID

In recent years, security researchers have successfully hacked various facial recognition systems. In some cases, all it took was holding a printed photo of the victim up to the camera; in others, a phone playing a video of the person winking was enough. Hacking FaceID, however, is not that simple: the new iPhone uses a special infrared TrueDepth system that projects a grid of 30,000 invisible dots onto the user’s face to create a 3D model.

Security researcher Marc Rogers, who was the first to trick the TouchID fingerprint sensor on the iPhone 5s and iPhone 6, believes that he or other experts will eventually find a way to hack FaceID. He suggested that a successful attack might only require a 3D-printed replica of the victim’s face. This method has previously been used to bypass Windows Hello authentication—though in that case, researchers had to not only recreate a 3D copy of the face but also simulate skin reflections. Apple, however, claims that Rogers’ concerns are unfounded.

Still, Wired warns: if someone manages to hack your phone protected by FaceID, they could do it again and again. Unlike a password, you can’t easily change your face, and that’s a fundamental problem with biometric authentication. Additionally, we rarely hide our faces and often post photos and videos on social media. Last year, researchers managed to hack five different authentication systems by creating 3D face models from victims’ Facebook photos.

Another potential threat comes from law enforcement. If you don’t want the police to access your phone, you can refuse to provide your password by invoking your right against self-incrimination. This protection does not apply to your face. However, according to Apple representatives, iPhone owners with FaceID can simply look away from their phone to prevent it from unlocking.