Face ID hasn't been hacked: What you need to know

Rene using an iPhone (Image credit: Rene Ritchie)

Face ID, Apple's facial identity sensor for iPhone X, is new and that's both scary and ripe for exploitation. We saw it happen with Touch ID, from all the concern that manifested when Apple announced it alongside iPhone 5s to the sensationalized headlines and the attempts to spoof it after it launched. Now, we're seeing the same thing with Face ID — fear, uncertainty, and doubt spread before it was even released and spoof attempts are following in a post-video-first, think-through-the-logic-flow second frenzy.

It's a shame. Face ID is incredibly enabling and accessible technology that can all but eliminate active authentication for users and allow them to unlock and use their iPhones more simply and easily than ever before. But those same people, the ones who could benefit the most, are being assaulted by an endless stream of headlines that are, bluntly, worse attacks than many of the so-called exploits they claim to be reporting.

I know this because every time one of those headlines goes live, I get calls and messages from my family members who are suddenly panicked by them. And they don't deserve that. Nobody does.

Face ID facts

Before Face ID was released alongside iPhone X, Apple published a white paper covering its implementation and current limitations. The company followed up with a support article.

I summed them all up, and some logical extensions, in my iPhone X review:

  • Face ID, as currently implemented, does not work in landscape orientation. (The camera system is optimized for portrait.)
  • Face ID needs to be able to see your eyes, nose, and mouth to be able to function. If too much of that area is blocked by IR filters (like some sunglasses) or other objects (like masks), there's not enough of your face to ID. (This is like the gloved finger with Touch ID.)
  • Direct sunlight on the Face ID camera can blind it, just like any camera. If you're standing with the sun directly over your shoulder, turn a bit before using Face ID. (This is like the moist finger with Touch ID.)
  • If you're under the age of 13, your facial features may not yet be distinct enough for Face ID to function properly and you'll have to revert to passcode.
  • Face ID can't effectively distinguish between identical twins (or triplets, etc.) If you have an identical sibling or even similar looking family member, and you want to keep them out of your iPhone X, you'll have to revert to passcode.
  • If you give someone else your passcode, they can either delete and re-setup themselves on Face ID or, if they look similar to you, enter the passcode repeatedly at failure to retrain Face ID to recognize their features as well/instead.
  • Unlike Touch ID, which allows for the registration of up to 5 fingers, Face ID currently only allows for one face. That means no sharing easy access with family members, friends, or colleagues.
  • If, for any reason, you don't like the idea of your face being scanned, you'll have to revert to passcode or stick with a Touch ID device.

There doesn't seem to be anything shown off in video or breathless headline since that doesn't fall under any of these limitations.

Hack vs. spoof

One of the most egregious errors in reporting that's gone on around Face ID also echoes those we saw years ago with Touch ID: The conflation of hacking with spoofing.

Diagram of TrueDepth Camera (Image credit: Apple)

When people hear or read the word "hack", it's easy to imagine someone got into the system. In this case, the secure enclave on Apple's A11 Bionic chipset that houses the neural networks for Face ID and its data.

That absolutely has not happened. For both Face ID and Touch ID, the secure enclave remains inviolate. (That's very different from early HTC and Samsung implementations, which stored fingerprint data in world-readable directories...)

What we have seen is people try to spoof it, or fool it into thinking it's capturing legitimate biometric data. We saw this with Touch ID as well. We saw fingerprints being lifted and reproduced for the express purpose of fooling the sensor system. Even before biometrics, we saw this with traditional keys. People would scan and reproduce keys to get into door locks. It's exactly the type of attack you try against physical security systems.

Now we're seeing the same thing with family members, masks, and Face ID.

Family Face ID feuds

Earlier this month, we saw two brothers post a video claiming one could unlock the Face ID system of the other. I covered it at the time:

One of the videos that got a lot of attention this weekend was made by two brothers, both of whom were eventually able to get Face ID to unlock the same iPhone X. It was revealed in a follow-up video that the first brother set up Face ID, then the second brother tried to use it and was properly locked out. Then the second brother entered the iPhone X passcode to unlock.

If someone else, including your sibling, has your iPhone X passcode, Face ID doesn't even exist. You've given them much higher access than even Face ID allows — including the ability to reset Face ID and other data on your iPhone X — and, literally, nothing else matters at that point. Keys to the castle. Time to go home.

But for Face ID in particular, there's some interesting behavior that's worth being reminded about: The neural networks that power Face ID are designed to learn and continue to match your face as you change your appearance over time, whether you shave your mustache and/or beard, change your glasses and/or hairstyle, add or remove any makeup and/or facial decorations, or put on or take off hats and/or scarves.

In the video, the second brother wasn't fooling or tricking Face ID in any way. By entering the Passcode, he was training it, as designed, to learn his face. By entering the Passcode multiple times, the second brother was literally telling Face ID to add his facial data to the first brother's.

More recently, we've seen younger siblings or children unlock the Face ID systems of older siblings or parents. In those cases, Passcode could also be used to train Face ID so it thinks the similar face is a new state of the registered face. In other words, it's introducing fuzziness into the system.
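The logic flow behind the brothers' video can be walked through with a toy model. This is an added example, not Apple's code and not part of the original article: faces are constructed 2-D points, and the thresholds, the learning rate and the names `FaceLock` and `sibling_attempts` are assumptions made up for illustration; only the five-attempt limit comes from this page.

```python
from dataclasses import dataclass, field
from math import dist
from typing import Optional

# All numbers below are assumptions for the toy model except MAX_FAILS,
# which follows the five-attempt limit mentioned on this page.
MATCH_T = 1.0      # capture this close to a stored template unlocks
NEAR_T = 2.0       # a failed capture this close counts as a near miss
LEARN_RATE = 0.25  # how far a learned template moves toward a near miss
MAX_FAILS = 5

OWNER, SIBLING, STRANGER = (0.0, 0.0), (1.5, 0.0), (6.0, 0.0)  # constructed faces


@dataclass
class FaceLock:
    passcode: str
    templates: list = field(default_factory=list)
    fails: int = 0
    near_miss: Optional[tuple] = None

    def enroll(self, face):
        """Fresh enrollment discards everything learned before."""
        self.templates, self.fails, self.near_miss = [face], 0, None

    def try_face(self, face):
        if self.fails >= MAX_FAILS:
            return "passcode-required"
        d = min(dist(face, t) for t in self.templates)
        if d <= MATCH_T:
            self.fails, self.near_miss = 0, None
            return "unlocked"
        self.fails += 1
        self.near_miss = face if d <= NEAR_T else None
        return "rejected"

    def try_passcode(self, code):
        if code != self.passcode:
            return "rejected"
        if self.near_miss is not None:
            # Passcode right after a near miss: treat the capture as the
            # owner's changed appearance and learn a template nearer to it.
            near = min(self.templates, key=lambda t: dist(t, self.near_miss))
            self.templates.append(tuple(
                a + LEARN_RATE * (b - a) for a, b in zip(near, self.near_miss)))
        self.fails, self.near_miss = 0, None
        return "unlocked"


def sibling_attempts(knows_passcode, rounds=6):
    """Sibling keeps presenting their face, optionally entering the passcode."""
    lock = FaceLock(passcode="123456")
    lock.enroll(OWNER)
    log = []
    for _ in range(rounds):
        log.append(lock.try_face(SIBLING))
        if log[-1] == "unlocked":
            break
        if knows_passcode:
            lock.try_passcode("123456")
    return log, lock


if __name__ == "__main__":
    print(sibling_attempts(False)[0])
    print(sibling_attempts(True)[0])
```

In this model the sibling without the passcode is locked out after five rejections, while the sibling who knows it is accepted after two passcode entries; calling `enroll()` again discards the learned templates.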

Even in cases where Passcode isn't being used to train a similar face, they're running into two of Apple's previously disclosed limitations:

  • If you're under the age of 13, your facial features may not yet be distinct enough for Face ID to function properly and you'll have to revert to passcode.
  • Face ID can't effectively distinguish between identical twins (or triplets, etc.) If you have an identical sibling or even similar looking family member, and you want to keep them out of your iPhone X, you'll have to revert to passcode.

If the facial geometry is the same and the relative is young enough that they lack distinct facial features of their own, the chance for spoofing increases.

Mask confusion

Most recently, a Vietnamese security firm made headlines when it claimed Face ID was successfully spoofed by a dummy face. Similar to how the two brothers initially showed what looked like an immediate unlock but was subsequently disclosed as Passcode-enabled training, there turned out to be more to the mask attack than the video first showed.

From Reuters:

Ngo Tuan Anh, Bkav's vice president, gave Reuters several demonstrations, first unlocking the phone with his face and then by using the mask. It appeared to work each time. However, he declined to register a user ID and the mask on the phone from scratch because, he said, the iPhone and mask need to be placed at very specific angles, and the mask to be refined, a process he said could take up to nine hours.

Machine Learning learns

People can shoulder-surf you (spy by looking over your shoulder) to learn your passcode. If you fall asleep they could put your finger on Touch ID. If they're a close family member or twin, they may be able to fool Face ID.

Face ID setup (Image credit: iMore)

Those first two attacks are against static targets. Passcode never gets harder to spy. Touch ID is a simple data comparison. Face ID, on the other hand, learns.

Right now that learning is being tested and, in some cases, it's letting in look-almost-alikes that it should keep out. But Apple designed not only the current neural networks to adapt over time, Apple designed them to be replaceable with better neural networks over time.

From my Face ID Explainer:

Face ID keeps the original enrollment images of your face (but crops them as tightly as possible so as not to store background information). The reason for this is convenience. Apple wants to be able to update the neural network trained for Face ID without you having to re-register your face. This way, if and when the neural networks are updated, the system will automatically retrain them using the images stored in the same region of the secure enclave.

With Face ID, we don't have to wait for new hardware for it to improve. Apple can and undoubtedly will improve it any and every time the neural networks get updated.

Choose your own unlocks

With similar-looking relatives, concerns over false positives and unintended or unwanted access are absolutely legitimate. It can be mitigated by switching to a passcode, but Face ID is so convenient many will want to use it anyway. In those cases, it's important to remember that Face ID isn't binary. You can turn it on or off but you can also choose what Face ID can unlock even when it's on.

You can individually enable or disable Face ID for:

  • iPhone unlock
  • Apple Pay
  • iTunes and App Store
  • Safari AutoFill
  • Other Apps (on an app-by-app basis)

So, if you're worried about your sibling or child unlocking your iPhone, you can turn off Face ID for that but leave it on for everything else once you unlock your iPhone with Passcode. You could also leave Face ID on for unlock, but turn it off for purchases if you're worried about those.

Yes, all of those introduce inconveniences, but they let you pick your own inconveniences. And if any of them are a real deal breaker, Apple also offers iPhone 8 with Touch ID, and Passcode and Password options for every iPhone.

Face to Face ID

When you tap a password manager or banking app and you watch it unlock, or you go to a website and your login suddenly fills before your eyes, it makes you forget passwords and passcodes exist. Convenience, though, is perpetually at war with security.

Face ID, like Touch ID and all biometrics, is about convenience and identity. If you're truly concerned with security, you'll want to use a long, strong, unique password. But that's not tenable for most people. So that convenience and identity becomes vitally important.

And despite all the FUD and frantic headlines, Face ID delivers that. And, in most cases, in a far better, more transparent way than any authentication system before it.

So, by all means be informed. Read and watch everything you can. But don't let anyone scare you just so they can get views or make headlines. Try it out and decide for yourself.

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • Thus far all we’ve seen is siblings and children. I’m not personally worried about any of this.
  • Excellent article, and thank you for the continued education.....:)
  • So... Not as secure as fps or iris scanning. Got it.
  • Where does it state this in the article? It's more secure than both of them
  • Don't be a shill. When was the last time a sibling, child etc gain access via the fps? Let me answer for you. Never.
  • It's very rare, more rare than someone being able to access your phone via fps due to a similar fingerprint
  • I haven’t seen any articles saying Face ID has been hacked or the enclave has been compromised. What articles are we referring to?
  • Just Rene making sure this won't spread in the news cycle. Rene wants to make sure no FUD gets spread about iPhone X.
    Free PR for Apple.
  • Regardless of whether it's "Free PR for Apple", it's good that he's trying to stop people spreading FUD
  • Yea...sure. But this headline is equally sensational given that no one has claimed the things he referenced in the title.
  • People have claimed that Face ID has been hacked, that's the terminology some have used
  • Really though, there isn't a massive difference. If someone gets into my phone I'm not really that bothered whether they've gained access to the enclave or just spoofed it at a higher level.
  • It's incredibly unlikely to happen either way. Every iPhone that's been released has had some rare issue, a minuscule group find it, report it to the media, and the media blows it out everywhere as FUD and sensationalism. This is no different, so just happily use Touch ID or Face ID, no one else will be able to access your phone either way
  • A part of the reason for the FUD is Apple has touted it as this next great thing, and even stated that it is harder to "break" than Touch ID. They used some handy statistics to back that up as well. So they invite this type of FUD. But either way, some of it is definitely FUD and it's good to bring rational thinking to the discussion. That said, Face ID still has shortcomings... With Touch ID you don't risk someone else picking up your phone and being able to spoof your fingerprint. Face ID inherently allows the *option* of a random person being able to get into your phone without your intervention. Touch ID does not allow that option. Also, since when is it a good thing for your security system to start off weaker than it should be, and learn and improve over time, only to *hopefully* get to a point where it can't be faked out? I think it's a great technology, but like the headphone jack, it feels like it's being forced upon us for no good reason.
  • "I think it's a great technology, but like the headphone jack, it feels like it's being forced upon us for no good reason." You did just answer your own question. "It's a great technology", as you said. Face ID is being "forced" upon you because it's a big improvement over Touch ID.
  • I meant the tech behind Face ID is impressive, not the process. Using that tech for Face ID is one implementation of the tech, but it is not the best, and definitely is not a big improvement over Touch ID.
  • Why is the implementation not the best? You look at your phone, and that's it. You're looking at your phone to unlock it anyway except in the scenario that you're unlocking it on a desk
  • It's a question of semantics as to whether it's been 'hacked' or not. Current usage of the term isn't restricted to breaking the code of something and can involve fooling a system. Face ID will become more secure as time goes by, but as fellow commenters have stated it was sold to us by Apple as being the most secure biometric security available. At present it seems like we're at a beta stage for that lofty goal.
  • No you’re not at the beta stage.
    Here’s one of many YouTube videos spoofing TouchID with play doh.
    https://youtu.be/Nf8-BORZaIA Face ID may be a problem for you, only if you’re one of many internet trolls who have suddenly discovered that they have an identical twin.
  • Is it at the beta stage? It's no different to the things that came out about Touch ID, or Samsung's iris scanner. It's not that they're not secure, but the methods found in unlocking the device would require grabbing the facial shape/finger print from the user, and then also physically having access to their phone, which is incredibly unlikely.
  • It's at the beta stage as it's not behaving as Apple said it would. They allegedly spent $30k on fake face masks to prove it couldn't be fooled by such means. The chancers in the unlocking trickery spent only $100 and managed to do it. It's still unlikely ever to be replicated in the real world, but it shows that Face ID can be fooled and perhaps isn't 20x more secure than Touch ID.
  • Touch ID was fooled in a similar way (by means that are very unlikely to happen in the real world), so judging by these "tests" it's either just as secure (or insecure) as Touch ID, or Face ID is still better
  • The FaceID has been hacked. Here is a video showing the proof of concept. https://www.youtube.com/watch?v=BzIIbGGClk0 Dictionary.com defines hacked as: "to circumvent security and break into" Touch ID is much more secure, not even a twin can unlock the iPhone.
  • You really did not read what Rene said.
    But you took the time to post this nonsense.
    Hint: The video is exactly what Rene is talking about.
  • Touch ID is much less secure, there's much less chance you're going to get similar readings with Face ID as opposed to Touch ID, of course you would've known this had you paid attention to the iPhone X announcement. And Touch ID has been "hacked" as well. But you should know that these methods of "hacking" would be incredibly difficult to do in a realistic situation. How are you going to model someone's face without them knowing? And how are you going to get physical access to their phone?
  • I wouldn't believe that just because Apple said it. Outside of Apple, there has been no proof of the claim that FaceID is that much more secure. We're just supposed to believe Apple because they told us so. At the end of the day, twins were able to get into each other's iPhones using TouchID. They seem to be able to do so with FaceID. That kind of shows a weakness in FaceID that didn't exist in TouchID. We can all love a feature but we can also point out its flaws.
  • Shall we go through all the weaknesses of Touch ID that don't exist in Face ID?
  • Exactly, Touch ID has been „hacked“, but that happened in perfect lab conditions after hours of work, it’s very unlikely to be reproduced on the street. I have never read a single report of someone‘s data being accessed through such a method in real life (from a stolen iPhone with Touch ID by law enforcement or whoever).
    Seems to me that Face ID is even more unlikely to be hacked in real life conditions.
    Even if that video from Vietnam isn’t a spoof for some PR (which seems very likely) – by the time someone who got hands on your device finished to model that replica of your face, you can easily set your iPhone to lost mode in Find My..., which requires a passcode to deactivate.
    Also, someone with a replica of your face better model it perfectly down to the smallest detail on first try, as after five failed attempts the passcode will be required. If someone has the technical means and resources of government authorities, passcode is even easier to hack than Touch ID or Face ID. In many cities of the world there is CCTV everywhere in public spaces, stores etc., makes it pretty easy to record a passcode being entered.
  • Regardless of what semantics you want to use it doesn't change the fact that somehow people out there have figured out methods to circumvent Face ID and gain access to iPhone X. They should have left Touch ID in.
  • There were ways to circumvent Touch ID as well, if not more, and more easily so. So leaving Touch ID would be just as bad, if not worse
  • I love the *idea* of Face ID but there are obvious problems, and for some people this IS a downgrade. You know who I want to prevent from getting into my phone on a day to day basis? My relatives. I think the chance of me losing my phone and a random stranger who looks like me finding it and unlocking it is not the kind of thing I'm worried about. It's preventing my relatives, some of whom look a lot like me from unlocking my phone and inadvertently seeing my test results from a doctor's visit that I left open, or text messages that I don't want them to see..the list is endless, from getting access to my phone.
  • Unless your relatives are **identical twins** of you, they are not going to get access to your phone. Don't believe FUD
  • So you are defining hacked as "the ability to get into the secure enclave that holds the facial recognition data". I define hacked as being able to use my face, or some facsimile thereof to unlock my phone, then unlock my Lastpass account and have access to everything. The cases identified so far are relatives which should be fine for most, but I have to wonder if this were a Samsung phone, would Rene be so generous? Technology is hard, and perhaps Face ID isn't quite there yet.
  • To answer your question if Rene would be as generous - definitely not. There is not a single person writing in tech that I can think of other than Ron Amadeo (but he's not nearly as bad) - as biased and a total fanboy like Rene Ritchie.
  • But yet you come and read/comment on the articles. However "biased" it is, it's obviously working for people like you
  • Oh here we go again... The Apple shill Rene Ritchie running to defend Apple. Just the first sentence of the title tells you how ridiculous the lengths this guy will go to defend Apple. "Absolutely no one has broken into FACEID's enclave"... Are you kidding me. So Rene can say with certainty that not a single person across the globe has broken into it. His next sentence continues his Marvin the Mindreader status. "All we've seen is headlines and videos...." So in sentence one to open the article he can tell you he 100% knows that no human anywhere has broken into it, then in sentence two he calls everyone who has shown it that they're all liars. The shill acts again. It's sad that this guy continues to absolutely destroy the little credibility he has by making statements like these that he cannot possibly prove. As always, Rene Ritchie the Apple shill shows himself as a total joke.
  • Dude, take a deep breath. Go for a walk. You can continue to use Touch ID or passcode if you think that’s more secure. There’s no pressure.
  • There's no "thinking". You can "think" having no lock on your front door is more secure, that doesn't mean it is. Factually, Face ID is more secure, no one's opinion can change that.
  • Of course not. You take Apple marketing as gospel when they are routinely stretching the truth.
    It's ok lol Rene. Enjoy your unibrowed phone.
  • I mean you can look up tests for yourself, I don't just believe what Apple tells me. That being said, Apple do have a history of being right with their statistics, so you can't blame me really if I were to just believe it
  • Dude, learn to read. What I wrote had nothing to do with the level of security of FaceID. It was to once again call out the Apple shill Rene Ritchie for his ridiculous, biased reporting. If you actually read what I wrote you'd see that but again I suggest actually learning how to read. *****.
  • At the end of the day this article is about removing the FUD about Face ID, which regardless of fanboyism or bias, needs to be done
  • Thanks for the info Rene. Unfortunately FUD is a powerful force to be reckoned with. Like fake news, FUD is taken as the gospel truth by a lot of people.
  • FUD is so daft, it's believing in something just because someone tells you to. I remember all the FUD about Touch ID, or various other things to do with the iPhone. None of them happened to me, or my friends, or anyone I know