10-Year-Old Unlocks Face ID on His Mother's iPhone X as Questionable Mask Spoofing Surfaces

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Nov 14, 2017.

  1. dude-x macrumors regular

    Mar 2, 2007
    New York City
    It may not make sense that ambient lighting affects the quality, but it may make sense that it uses the TrueDepth sensor and the FaceTime HD camera to discern details other than depth.

    I notice my X has a few failures in unlocking when I turn off the lights in my bedroom and the distance is right.
  2. newyorksole macrumors 68040

    Apr 2, 2008
    New York.
    Lmao I’m sure people give Apple WAY more more than that on the other products they buy. Face ID IS secure. Do you ever leave your phone around randomly and worry that someone with a 3D model of your face can get into it? No.

    Someone can also guess your passcode too. Are you worried about that? All of that people that I demoed Face ID for are NOT able to get into my phone.

    Stop making it sound like Face ID isn’t secure.
    --- Post Merged, Nov 14, 2017 ---
    It seems like everyone is so worried and up in arms because apparently if you leave your phone laying around someone can use a 3D model of your face and *possibly* get into it. It just sounds ridiculous.

    If someone sat around randomly typing in my 6 digit passcode then that can be just as “insecure” as me leaving my phone somewhere and someone going thru the hassle of printing a 3D image of my face.
  3. califlorida macrumors member

    Dec 3, 2012
  4. Benjamid macrumors member


    May 15, 2016
    Hmm, no biggie for me. It is a bit worriesome though since you can guess how might be able to unlock your phone based on looks while with touch id you would have to find someone totally random. For example if got Hilary Clintons phone I would have to find a doppelganger of her. Seems much easier than looking randomly for someone with a similar fingerprint.
  5. kstotlani macrumors 6502

    Oct 27, 2006
    This is the right question. It’s a great technology but was it needed. It’s inventing a space pen when a pencil would have been fine. Only if Face ID leads to some sort of augmented reality projection of your face etc. but I don’t think this technology is there yet. If the true depth camera system is only a way of authenticating then there was no need for such a system which led to that ugly notch. I love Apple but some decisions like the touch bar on Mac and now Face ID don’t seem completely thought out. I know Face ID is here to stay at least for the next 2-3 generations but if there aren’t more applications for it then this was just a forced technology. Some times it would be good if Apple execs really gave non cryptic interviews of the vision of a product.
  6. Wowereit macrumors 6502a

    Feb 1, 2016
    I have managed to scan 2 faces.
    Did take about 7 or 8 tries until it worked, but at the end both were able to unlock the device in some cases.
    Was that working reliable? No.
    Was it working good enough to make a video after a few fails? Sure.
  7. Unregistered 4U macrumors 6502

    Jul 22, 2002
    Sounds like a sure fire million views money making opportunity to me!!
  8. BvizioN macrumors 601


    Mar 16, 2012
    Manchester, UK
    On the opposite side, haters would do the opposite thing. Portray Face ID as a faliure based on a YouTube video. And they really love that, don’t they?
  9. C DM macrumors Westmere

    Oct 17, 2011
    It's fun to just ignore pages and pages of discussion.
  10. bmwman3241 macrumors regular

    Oct 13, 2009
    I am able to unlock both of my dads iPhone X's with FaceID. One works flawlessly and unlocks every time and one takes a few tries.
    Had him try to unlock my iPhone X with FaceID but no luck.
  11. FelixDerKater Contributor


    Apr 12, 2002
    Nirgendwo in Amerika
    In an optimum setting, both FaceID and TouchID would have been combined for layered security...
  12. uiterlix macrumors newbie


    Jul 25, 2016
    Is it that hard to put your finger on the home button? Glad Apple finslly sorted that then...

    This thread is another typical adopters versus non-adopters discussion, with the adopters fiercely defending their purchase and the non-adopters their postponed or non-existent purchasing intents. All just a waste of enery, as is this reply...
  13. charlituna macrumors G3


    Jun 11, 2008
    Los Angeles, CA
    Cook said in the keynote that family members could end up matching on each others phones, especially twins etc. so this kid and Mom matching is not really a shock.

    and given that the mask was made to look like the guy it was basically a twin scenario and again not a shock
  14. thering1975 macrumors regular


    Jun 5, 2014
    With reference to the mask test. Doesn't matter how close it looks to the originator the point it makes them appear like a twin should be irrelevant

    Apple states

    "Face ID matches against depth information, which isn’t found in print or 2D digital photographs. It's designed to protect against spoofing by masks or other techniques through the use of sophisticated anti-spoofing neural networks"

    So I guess that's just a load of Pr bull which is forgotten if proven incorrect
  15. ascender macrumors 68020

    Dec 8, 2005
    There's clearly going to be gangs of under 12s rampaging the streets looking for iPhone X's to steal and break in to. Be on your guard people!
  16. sdz macrumors 6502

    May 28, 2014
    People behind you will love you
  17. himanshumodi macrumors regular


    May 18, 2012
    Isn't the face scanning Infra red and independent of the lighting conditions?
  18. savvycomdev macrumors newbie


    Nov 15, 2017
    Hm, I dont know what is true or false, but BKAV explain for this hack technique:

    • Require Attention.
    • FaceID only receives the mask at a fixed angle, you change it is no longer recognizable. This is understandable because the security nature of FaceID is still very good
    • The BKAV says they are only trying to show that FaceID has a potential vulnerability, the proof of concept, but the actual attack will be difficult because it requires a variety of factors, The machine comes to prototype and test, lighting conditions. They have built some possible attack scenarios with FaceID but will not share them with the public but only share them with the manufacturer to fix them.
    • When I try to use a new iPhone completely learning the surface of the owner and then scan the mask it does not receive. BKAV said it would receive it but they would have to re-calibrate the mask or adjust the angle of the iPhone accordingly. This can also be understood as mentioned above. According to the BKAV, it took them 3 days to create the final mask, successfully testing all but 8-9 hours now. It may be shorter.
    • Thursday, I tried reset FaceID, so it scanned the mask as a sample instead of scanning people. This will get the mask but not the person. This shows FaceID is wrong right from the sampling operation, as it should not allow masking. Actually, this does not affect the use, because no one is going to take the mask to be the sample, just try it.
    • Lastly, for your question about whether BKAV has an iPhone X mask to cheat people or not, I think not. Because when we try to learn the mask, the iPhone X will unlock in many different angles, while their demo only get in the right place.
    ANyone test it and show your opinion?
  19. smacrumon macrumors 68030


    Jan 15, 2016
    Well if that is the case, clearly you can see the FaceID system is completely flawed. Following the same method with a TouchID device will not allow someone to unlock it.

    What I would like is an iris scan if its safe. It would be similar to FaceID in its method of use, but just like TouchID, the iris is unique and not easily fooled like the FaceID.
    --- Post Merged, Nov 15, 2017 ---
    It's not a very good system, too many caveats, too finicky to set up.
    IrisID. Now that would be best.
  20. Fiachers macrumors member

    Dec 27, 2016
    Actually you pretty much can, if you use TouchID. You're just avoiding the substance of the point here, which is that FaceID is not nearly as secure as we have been led to believe.

    --- Post Merged, Nov 15, 2017 ---
    Crafting a fake thumb to fool Touch ID is one thing. A family member's face unlocking Face ID is another.
  21. DeepIn2U macrumors 603


    May 30, 2002
    Toronto, Ontario, Canada

    Moreover I’m curios how many or less success, if we agree these instances are 100% legit, occur as the Bionic chip learns more of the authorized face to unlock. I’m hoping further review of those that posted these failed videos are done.
  22. djgamble macrumors 6502a

    Oct 25, 2006
    Or a password (including a 4 digit number). I dunno if the tech has improved but if it’s anything like iPhoto’s, then a cardboard cut-out of Obama can unlock my friend’s phone. And uuum... yeah... my brother could unlock my wife’s (he’s Italian and in his 40’s, she’s Vietnamese and in her 20’s FWIW).
  23. Marshall73 macrumors 65816


    Apr 20, 2015
    Flawed? You need to put your code in. and it only temporarily remembers the additional data if the code is entered immediately after the failure.
  24. Ploki macrumors 68020

    Jan 21, 2008
    it's new tech. First iteration of touchID compared to iPhone 8 or 7 is abyssmally slow and inaccurate. + you can always use a pass if you're so concerned.

    also, this is not supposed to be a vault lock.
  25. Sevendaymelee macrumors 6502


    Mar 27, 2016
    And touch ID not as secure as a password. But it's faster, right? That's all consumers ever care about... convenience. It's the holy grail.

Share This Page