iPhone XS Max Face ID Flaw: Face ID can be spoofed by an unregistered face

If there is one feature that I like about Apple’s devices, that is the security. Apple has always prioritized the security features in all of its devices. Be it MacBook, iMac, iPad, or an iPhone, you will always find the best security system in these devices. It is very rare for Apple’s devices to get cracked by someone easily. However, something unexpected has come to my attention today, and that too regarding Apple’s latest, greatest, and most powerful handset. The iPhone XS Max has a Face ID Flaw. I was appalled to see how the Apple iPhone XS Max’s Face ID can be spoofed so easily. Here is what has actually happened.

Spoofing the iPhone XS Max with an unregistered Face

I have an iPhone XS Max with a registered face. There is no other face enrolled in that iPhone XS Max. It means that there is only one guy who is supposed to unlock that iPhone XS Max. However, that’s not the case here. This iPhone XS Max can be unlocked by another guy and here is the video where I’m demonstrating this security flaw.

The other guy has absolutely nothing to do with this iPhone. His face has never been added to this iPhone. There is no alternative face enrolled in the iPhone as you can see in the video. If you look at the faces of both the guys, you will not find any kind of similarity except for the beard on both the faces.

So, here is how I know that this, for sure is a security flaw either in the Face ID, or in the running iOS 12.0.1 software update.

A few days back, I tried the same thing on an X. At that time, both the guys shown in the video above had a mustache. They were both able to unlock that X while that phone had only one face registered in it. I did not take it quite seriously back then. When I noted the similar issue on the iPhone XS Max, I concluded that there is something going on here for sure.

To my understanding, the iPhone is either being confused because of the beard and mustache. It doesn’t rely much on the entire face or on the eyes actually. It is not as efficient as Apple has been calling it. I will definitely perform this same experiment with the help of friends who have a beard and mustache. For now, all I know is that this issue exists and Apple must take action to fix this.

Let me know about your thoughts on this issue. What do you think is the issue going on here which is spoofing the iPhone XS Max so easily?