10-Year-Old Unlocks Face ID on His Mother's iPhone X as Questionable Mask Spoofing Surfaces

[Geurt]

So... chances are one in a million... Apple has produced a few million and for certain already sold... so... we have one of them now. Nothing to see here, please walk on

 

[gnasher729]

Maybe Apple could include a pop up dialog box explaining that you need to train it multiple times.

I would think they should have an app, where you can record your face, and then let other people try it, and the app tells you how close they are. As Apple says, one in a million people is a match. If you are unlucky then a family member, or a work colleague who might be able to access your phone, is a good enough match.
[doublepost=1510698027][/doublepost]

That’s the key. Initial training done in poor light, so I bet fewer data points were stored. Higher likelihood of matching in that case. Enroll your face in good light. That’s something that can be adjusted in an update.

Poor light is no problem for FaceID, quite the opposite. The camera actually sends out light and measures the reflections. Works perfectly fine in the dark, but may have problems in bright sunshine.

 

[iapplelove]

I sent mine back, the only thing that really interested me was the display. Also that's your opinion. Willing to bet a 1080P OLED iPhone 8 would outsell a X pretty easily.

Nope, and why on earth would Apple make a phone like that. Wishful thinking on your part.

 

[840quadra]

I would think they should have an app, where you can record your face, and then let other people try it, and the app tells you how close they are. As Apple says, one in a million people is a match. If you are unlucky then a family member, or a work colleague who might be able to access your phone, is a good enough match.

That’s a good and interesting point.

I think part of the problem is the current training process. While I do like that it is faster than TouchID, I was amazed it didn’t have a lot more substance to it. What about having users make faces, or even scan a few more times? I am totally fine with a longer training process, if the security is higher.

Process could easily be setup with the following

1. Scan your face normally like you currently do
2. Scan your face while smiling
3. Scan your face while making some other type of face
4. Scan in low light
5. Better idea than I can think of.

Sure, keep it setup so it continues to learn, just get a solid baseline first and I think it would resolve some of the problems.

 

[gnasher729]

No. The calculus involved in FACE ID doesn't allow this cause math is an exact science. 23+2=25 every single time.

Huh? Apple doesn't do it with the iPhone X, but there is no reason why it wouldn't be possible. If they allowed the phone to be unlocked with either my wife's or my face, then I look at it, and some chip decides "similarity with photo 1 = 5.2%, similarity with photo 2 = 99.2%, face is accepted". And if my wife looks at it, it's the other way round.

PS. Maths is not a science

 

[newyorksole]

If you fear for your security, FaceID AND TouchID are poor choices. Go with a very long, secure password. Quit crying.

Thank you! Omg these articles are so annoying. Tired of all these people who allegedly are fearing for their life and security. Don’t use Face ID or Touch ID then!

Have a sneaky girlfriend/boyfriend? That’s on YOU.

Sell drugs and are afraid of police? That’s on YOU.

Doing sneaky weird criminal activity at work. That’s on YOU.

Stop blaming Apple and coming up with asinine scenarios when these features are OPTIONAL.

 

[Rob_2811]

People are just making a fuss over nothing so what if the biggest features of a £/$ 1000 doesn't really work, can these people prove this in court? What is wrong with using a a 15 digit pass code anyway?

This thread

 

[newyorksole]

That’s a good and interesting point.

I think part of the problem is the current training process. While I do like that it is faster than TouchID, I was amazed it didn’t have a lot more substance to it. What about having users make faces, or even scan a few more times? I am totally fine with a longer training process, if the security is higher.

Process could easily be setup with the following

1. Scan your face normally like you currently do
2. Scan your face while smiling
3. Scan your face while making some other type of face
4. Scan in low light
5. Better idea than I can think of.

Sure, keep it setup so it continues to learn, just get a solid baseline first and I think it would resolve some of the problems.

The security IS high. Obviously it is going to improve over time. Apple is fixing it and tweaking it as we speak I’m sure. If Face ID worries people so much then just don’t use it. To think that it isn’t secure or to think that Apple isn’t working on improving it is silly.

 

[Norbs12]

Meanwhile Samsung's version can be fooled by a picture. Not saying that we should give apple a break, just putting a bit of perspective on this.
http://bgr.com/2017/09/05/galaxy-note-8-features-face-unlock-hacked-photo/

 

[Cheesebach]

This seems like a big step backwards. No one was ever able accidentally or otherwise access my phone without my fingerprint. Seems this face ID is less reliable. Also, did I read this correctly that if my spouse or kid manages to get my passcode they can enroll their own faces so they can access the phone?

Sorta not feeling this FACE ID...

How often in your experience has someone other than yourself been able to successfully unlock your phone using Face ID? I'd wager the number is 0. All of these videos have been done immediately after registering a face and/or having someone enter the passcode immediately after a failed attempt. Due to the nature of the adaptive learning, this results in the phone starting to adapt to another users face. However, it doesn't apply to someone trying to break into your phone without your permission, unless you've provided them with your passcode.

Yes, if someone has your passcode they can replace the registered face with their own. At least with Face ID in its current implementation, you'll be aware that this happened when the facial recognition no longer works for you. With Touch ID, someone with your passcode could add their own fingerprint in addition to your own and you'd never know it unless you dug through your settings to find it.

Seems the only people having trouble with Face ID here are the people that don't actually own the phone...

 

[Tech198]

If i could hear it that would be good ....Bring the bloody mic closer

We are all asking for 100% being impossible...

It's technology.. but we treat it as deadlocks and the most secure system on a house.. If we keep asking for 100% in almost all cases, then we will never be happy with anything.

 

[UL2RA]

makes absolute sense. Typing in my 16 digit alphanumeric symbolized password while trying to checkout with apple pay at a register. Make as much as sense as paying $1k+ for a phone.

A Lannister always pays his debts

 

[840quadra]

The security IS high. Obviously it is going to improve over time. Apple is fixing it and tweaking it as we speak I’m sure. If Face ID worries people so much then just don’t use it. To think that it isn’t secure or to think that Apple isn’t working on improving it is silly.

Where did I post that I was worried?

I have reservations about it, so I use it with some caveats. As an aside, I feel there is absolutely nothing wrong with people treating security seriously.

 

[bopajuice]

Maybe Face ID does not work as well on ugly people.... Or worse, maybe if you are too beautiful, the glare from your pearly whites will disrupt the camera...

 

[Rob_2811]

The security IS high. Obviously it is going to improve over time. Apple is fixing it and tweaking it as we speak I’m sure. If Face ID worries people so much then just don’t use it. To think that it isn’t secure or to think that Apple isn’t working on improving it is silly.

Well thats cleared that up then. If Apple says its fine, its fine. Panic over.

Dont worry if you've blown a grand on this phone they'll get it right next year, just give them another $1000.

 

[TechGuy327]

Do we know how the phone was trained, and how much time it was used before it given to her son? If the password was ever entered just before the device saw his face for the first time?

Like the mask, it lacks full context.

Context is for Kings.

 

[dogslobber]

If Face ID fails then the iPhone should auto dial 911 so that the individual who has the phone can be arrested for felony grand larceny and imprisoned for three years in CA.

 

[lazard]

Meanwhile Samsung's version can be fooled by a picture. Not saying that we should give apple a break, just putting a bit of perspective on this.
http://bgr.com/2017/09/05/galaxy-note-8-features-face-unlock-hacked-photo/

ehh...that was already debunked...even the guy who made the original video admitted it.

https://twitter.com/MelTajon/status/907054928597729281

 

[bronksy]

Who cares if it can be fooled when people are doing this...

 

[lazard]

According to the article in Wired, when the mother rescanned her face in better lighting, her son was not able to unlock the phone. Anyway, this is first gen tech. Imagine the 2nd or 3rd gen of FaceID!

At WIRED's suggestion, Malik asked his wife to re-register her face to see what would happen. After Sherwani freshly programmed her face into the phone, it no longer allowed Ammar access. To further test it, Sherwani tried registering her face again a few hours later, to replicate the indoor, nighttime lighting conditions in which she first set up her iPhone X. The problem returned; Ammar unlocked the phone on his third try this time. It worked again on his sixth try.

 

[wikiverse]

The entire situation smells fishy. Add this quote in and it proves it’s fake. If he gets in once, it learns his face better. Not rejects it later.

This comment assumes that FaceID is both accurate and perfect. This particular case demonstrates that FaceID doesn't learn properly, that lighting conditions DO matter, and that FaceID can be fooled unintentionally.

 

[jweinraub]

If you fear for your security, FaceID AND TouchID are poor choices. Go with a very long, secure password. Quit crying.

100% agree. I use a very long password to unlock my phone. Sure it is annoying but definitely more secure than a four and now six digit numerical code. I just wish it used FaceID to unlock TouchID jointly. Probably iPhone XI...

 

[smalm]

Now they know for sure he is really their child and was not replaced with another baby at the maternty unit

 

[SashJ]

This video is

Maybe first pass was trained with mother and second pass was trained with son? That could trip Face ID up

This is correct. The setup process requires 2 facial scans. If each person scans their face once, you can fool the system into believing they are both the same face. Their are multiple users who have already mentioned this.

 

[WolfSnap]

At WIRED's suggestion, Malik asked his wife to re-register her face to see what would happen. After Sherwani freshly programmed her face into the phone, it no longer allowed Ammar access. To further test it, Sherwani tried registering her face again a few hours later, to replicate the indoor, nighttime lighting conditions in which she first set up her iPhone X. The problem returned; Ammar unlocked the phone on his third try this time. It worked again on his sixth try.

That means he entered the passcode. FaceID only give five tries before you must put in the passcode.

They’re TRAINING FaceID when they do that. Dumb.