Can you unlock face ID with a picture Reddit

Let me point out from the start that I don't believe everything is as it seems with what I about to say.

Also, I'm posting this in r/sysadmin because I respect the Redditors here over the typical ones in the iPhone subs. I figure that if this happens to be a real issue, you all will know about it and why it is possible.

I just saw, with my own eyes, an employee unlock their iPhone 13 Pro with a picture of their face displayed on my iPhone 12. TWO TIMES. I figure there must be more to this than just "show the iPhone a picture and FaceID is a broken security disaster" right?

The employee held their locked, passcode'd phone with the front facing away from them. No way the front camera could see their face. I watched the screen of their phone the whole time, and they weren't touching any of the phones buttons or whatnot.

Next, they held my phone with a full screen picture of them on the display, wiggled the phones around a bit and... magically unlocked their phone. I called bullshit. They did it again. I called bullshit again, and after that they were not able to replicate it.

How is this possible? No Apple Watch for for the employee with the iPhone 13 Pro, but I do have one paired with my iPhone 12.

Is it somehow getting their biometric data reflected off the glass of my iPhone? Or the glass in the office (four glass walls)?

Have you seen this? Other then on shady TikTok videos and such?

EDIT: Clearing up some common questions/comments:

No Apple Watch. The employee with the iPhone 13 Pro that was unlocked does not own or have a connected Apple Watch. I have and was wearing a connected Apple Watch, but my phone was the one showing the picture. Shouldn’t have anything to do with the security settings on the other phone.
Specially crafted photo. Nope. They took the picture on my phone, right in front of me. Just a plain old selfie kind of shot.
“FaceID with a Mask” option Is OFF.
“Require Attention for FaceID” is ON.
They are playing some sort of trick. I HOPE SO! But what I saw, twice, didn’t show any sign of anything other than they unlocked their phone using a picture displayed on my phone.

Please remember that all comments must be helpful, relevant, and respectful. All replies must be a genuine effort to answer the question helpfully; joke answers are not allowed. If you see any comments that violate this rule, please hit report.

When your question is answered, we encourage you to flair your post. To do this automatically simply make a comment that says !answered (OP only)

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

Hey guys, yesterday me and my friend tried to unlock my iPhone 12 with a picture of me. It literally worked the first 2 times and it kinda makes me wonder hows that even possible. I can't replicate it anymore but it did unlock my phone the first 2 times.

How?

As the title suggests, I literally recieved my s10+ today so me and my friends wanted to try how secure the faceID is. We loaded a 2week-old picture of me on my friends iphone and put it in front of my s10+, and it just unlocked...

I don't know if this is a known issue or if the faceID security on samsung is just shitty, if not this should be known.

Awesome phone overall!

Here is my S8 showing the same effect.

Edit: another interesting note is that if I use face unlock in the right position in the room it dims/brightens our remote controlled lights due to the infrared sensor picking up the IR led on the phone!

Hidden photos was originally just so you could keep photos that were neither bad enough to trash outright nor good enough (or near duplicate) to want to see when casually browsing your library.

Peek-a-View is a good app if you want to let people selectively browse your photos on a device (and block accidental edits/deletes/etc).

https://apps.apple.com/us/app/peek-a-view/id1491554407

Just saying, I agree a "private" album of some sort that locks down all the photos in it would be a good idea as well.

I know everyone is probably bored by the whole Face Unlock drama, but I got a Nexus today and I thought I would try and hack it with my photos.

I did it a bit differently to how we have been shown in videos. In the two videos I saw they used a Galaxy Note and a photo of themselves taken at pretty much the same time they set up the lock. I do not have a Galaxy Note, so I just tried it with my laptop. I also used photos of myself from Facebook.

I didn't get in once. I figured it was because I was smiling in the pictures and it wasn't working because it didn't see a neutral expression. I was wrong though, it actually copes with facial expressions really well. I pulled some pretty stupid faces and it opened with all but the most extreme gurns.

I am actually really impressed with the feature. I don't know if I will continue to use it, but still very cool.