Could an ‘Evil Twin’ Trick Your iPhone’s Facial Recognition?


The iPhone X made its highly anticipated debut Tuesday at Apple’s keynote event, and one of its standout features is what the company calls Face ID. Gone is the fingerprint-based Touch ID, and in its place is facial recognition software that allows users to unlock the phone, authenticate downloads and make purchases with Apple Pay. Naturally, the question on everyone’s mind is: can this technology be hacked?

Apple insists Face ID, which maps its user’s mug with 30,000 invisible dots using its so-called TrueDepth camera, is secure and stores data locally on the phone — which should prevent hackers from obtaining that data by breaching a larger database. But what if it wasn’t a remote cybercriminal trying to access your phone from a distance but rather someone much closer, like, say, a family member? Like a twin.

“Could an identical twin trick the machine? I suppose the answer is yes,” said Mike Shultz, founder and CEO of Cybernance, an Austin-based cyber risk management firm.

“I think a twin could be a possible problem if you were truly an identical twin,” added Chris Dore, an attorney at Edelson PC who specializes in consumer technology and privacy issues.

Both were quick to point out that for a twin to pick up their sibling’s phone and unlock it, they would have to possess a striking similarity to their sibling because Apple’s Face ID promises to analyze its subjects down to the fine details. While a user can grow a beard, get a haircut or put on a hat and still be able to access their device, according to Apple, the minuscule differences in face shape will be the primary measurement for the technology.

“It’s going to come down to a very, very granular level of measuring pieces of your face,” Dore explained. “It’s looking at measurements like in between your pupils and the edge of your mouth to your ear.”

“It works because [the iPhone X] has two very high-definition cameras spaced apart so you can get 3D imaging and really look at, ‘Is that ear one-ninth of an inch farther out on this guy or that guy?’” Shultz added.

Identical twins develop from the same fertilized egg, so genetically they are exactly alike. Physical differences can arise, but they are a product of environmental changes over time, according to the Genetic Science Learning Center at the University of Utah. With this in mind, it’s feasible for twins raised in the same home environment to be virtually indistinguishable — especially if they are still young.

But ultimately, you may not have to worry about an evil twin because other forms of authentication for the iPhone could emerge, according to Rodger Desai, CEO of mobile authentication provider Payfone. Technology that can recognize how you hold your phone and type can properly identify ownership, he said.

“The larger problem is fraud for when the twin will pretend it happened when it didn’t,” Desai added. “And just like a credit card, if I say it was fraud one time, the company will forgive. But do it three times in a row and they’ll cancel it.”

Dore isn’t sure the issues end there, however. He fears that people will figure out how to unlock users’ phones without them realizing it.

“It would appear you could pick up someone’s phone if you were near them and unlock it,” he said, adding that while unease about friends or spouses is one thing, the use of this method by law enforcement could be an even greater risk.

“Let’s say I arrest someone. I can pick up their phone and hold it in front of their face and unlock it,” Dore explained. “This creates very interesting Fourth Amendment questions,” he said, referring to the constitutional right of people to not be unreasonably searched without a warrant.

Of course, these scenarios are all hypothetical until the iPhone X releases later this fall. But experts and consumers alike will be keeping their eye on how the technology plays out. And should you have an identical twin, it’s in your best interest to make sure they’re not an evil one.
