The fact that authorities can unlock your phone by pointing it at you and saying, "What's this?" as you look up at it while detained in handcuffs is enough for any reasonable person to realize this is the biggest security blunder in the history of technology.

Criminals, and people who need this level of security, should disable the biometric security. Granted, jails are full of stupid criminals.

When friends headed to a protest asked me for advice, this is what I told them:
  • Leave your phone at home as a first line of defense.
  • If you do need to bring it, power it off. Ideally, I'd also stick it in some sort of a Faraday cage, but let's be realistic.
Those two pretty much get you around stingray devices, GSM spoofing, and resets all of the biometric sensors.

Most of us don't run afoul of law enforcement or criminals. People for whom this is a more likely scenario need to adjust their personal security likewise.
 
When you say "buying someone" do you mean a slave, or are you talking about a red-light district situation?:D
It kind of did. Apple got rid of the iconic swipe-to-unlock feature.

You are right
 
TouchID did not do away with the home button and change the way you interacted with your device. Major difference here.
So, here's the thing. Change happens.

For people who don't like the changes in iPhone X, Apple provides the 8. Which is a pretty damn good upgrade and works the same as previous phones.
 
The fact that authorities can unlock your phone by pointing it at you and saying, "What's this?" as you look up at it while detained in handcuffs is enough for any reasonable person to realize this is the biggest security blunder in the history of technology. The only way to fix it is to sense when a user is no longer in contact with the phone (like the Apple Watch) and auto-lock.

Which law enforcement can do after submitting a search warrant application articulating probable cause that a crime was committed to a judge, who would then need to agree with the case being made and then sign the search warrant, before any examination of the phone's contents looking for evidence in support of the crime. Similar to the police wanting to search your home, business, bank records, telecom records, safe deposit box, car, etc.

I have no problem with that.
TouchID did not do away with the home button and change the way you interacted with your device. Major difference here.

That's true, but does not speak to the issue the poster I was responding to brought up.

Fortunately, there are a lot of choices in the mobile phone world. Purchase what meets your requirements and needs.
 
Yeah but you don't realize that what you really want is for Apple to think like you want, so your point is moot. Who advocated "think different" is the same who said "give users what they need not what they want", so as far as company culture goes, there is coherence.
[QUOTE="AceFernalld, post: 25042136, member: 168420"]What? Why would you add them?? Just think about it. Say you have set your phone so that both TouchID and FaceID need to authenticate you before it lets you in.

Now somebody picks your phone up, and there’s a 1 in 50,000 chance they match your TouchID. Now that they’re past that, they have a 1 in 1,000,000 chance of fooling the FaceID.

It’s basic probability: to find the probability of two independent events happening at the same time, you multiply their probabilities together.[/QUOTE]
Because nothing exists in the World in which we live that has both TouchID and FaceID. Stop thinking there does and making calculations based on two non-concurrent entities.
 
When has Gruber ever asked a tough question to anyone at Apple? He, Rene Ritchie at iMore and Jim Dalrymple always soft-ball questions to Apple and stick to pre-screened questions so they can continue to get pre-release hardware & get invited to events.
As far as I know Rene Ritchie doesn’t get pre release hardware.
 
FaceID may have a far lower error rate than TouchID (1 in 1,000,000 vs 1 in 50,000, was it?) but I assume those figures are for honest errors. If so, how do the figures change if you are actually targeted? In other words, which of the two biometric methods is easier to fool purposely? The face has more data points but it's also very public, whereas it's very difficult to get access to someone's fingerprint. Anybody have any info on this?

I propose for supreme security: facial expression code. Change your expression from sad to angry to happy and your phone unlocks. No one could fool your phone then except maybe Jim Carrey.


It’s uncanny how similar this has been to 2013 with the initial Touch ID launch.

Can’t wait to start using Face ID instead of Touch ID.

It's like this with every new technology... Mac, iPhone, Apple Watch, and even iPhone X. Instead of keeping an open mind, some people's first instinct is to assume the worst and try to discredit it. They never learn.

I agree that people should reserve judgment, seeing as Apple has a pretty good track record with these sorts of things. That said, they're not always right. People should be allowed to have some level of skepticism because every situation is different, also because security is involved. In comparing FaceID to TouchID, one difference I see is that TouchID didn't replace anything. People only had lock codes (or they didn't lock their phones) and it was a new convenience option. FaceID replaces that tried and true convenience option, so it's only natural for people to question. But yes, they should reserve judgment.
 
FaceID may have a far lower error rate than TouchID (1 in 1,000,000 vs 1 in 50,000, was it?) but I assume those figures are for honest errors. If so, how do the figures change if you are actually targeted? In other words, which of the two biometric methods is easier to fool purposely? The face has more data points but it's also very public, whereas it's very difficult to get access to someone's fingerprint. Anybody have any info on this?

...

A two-dimension photograph will not work. That's because the image of your face stored in your phone when it's first set up, is a three-dimension mapping that includes depth information (distance from tip of nose to earlobes, as just one of many examples), which is lost in a two-dimension photograph.
 
The fact that authorities can unlock your phone by pointing it at you and saying, "What's this?" as you look up at it while detained in handcuffs is enough for any reasonable person to realize this is the biggest security blunder in the history of technology. The only way to fix it is to sense when a user is no longer in contact with the phone (like the Apple Watch) and auto-lock.
LOL. I've never been detained in handcuffs and don't plan to be. If I am, my phone is not my biggest concern.
 
A two-dimension photograph will not work. That's because the image of your face stored in your phone when it's first set up, is a three-dimension mapping that includes depth information (distance from tip of nose to earlobes, as just one of many examples), which is lost in a two-dimension photograph.

I know it's 3D, but with enough access to someone's face (either through many photographs or video or just seeing them in person every day), it might be possible to compile the data and create a 3D mask. Obviously not a concern for most people considering the lengths it would take someone to do this. I might be concerned if I was a big celebrity or something.
 
How do you figure? If you needed to be authenticated by both before unlocking, someone would need both a matching face and fingerprint.

With independent events P(A and B) = P(A) * P(B)

Good job trying to make me feel dumb though!
Haha, sorry about that, I misread your original post and got hung up on your word "choice" in the previous sentence. Facepalm retracted. :)
 
I thought the idea of getting rid of the floppy drive was insane, then I thought getting rid of the optical drive was insane. Now I think getting rid of touch ID is insane. I assume I'm wrong again.
Add the headphone jack to the list too, my devices still have one, but since AirPods have arrived and yet another set of Atomic Floyd headphones died due to a problem with the cable just above the headphone jack connector (I had the same problem with ANY wired headphones I ever had) I have never used them again.
Anyway, I have concerns about Face ID but am sure that I will in the end agree that it is the way forward, I just need to play with it for a while.
 
I know it's 3D, but with enough access to someone's face (either through many photographs or video or just seeing them in person every day), it might be possible to compile the data and create a 3D mask. Obviously not a concern for most people considering the lengths it would take someone to do this. I might be concerned if I was a big celebrity or something.

That would require a Herculean effort to collect a ton of data, followed by a ton of processing, which would still produce many ambiguous potential solutions, each of which would require a 3D model to test against.

You would also need the subject's phone and you only get 5 tries. And that's assuming you could do all of the above modeling within the few days of phone inactivity available before it goes into passcode-only mode. In the meantime, I suspect the phone's owner would have locked (and wiped) the device remotely.

In other words, you won't be pulling that off.
 
LOL. I've never been detained in handcuffs and don't plan to be. If I am, my phone is not my biggest concern.

I've never been handcuffed, but I have been frisked. In this case, yes, any sort of "just do <blank> before handing over the phone" is lost. The cop will remove the phone from your possession.

From what I have read, a cop does not require a search warrant to force you to place your finger on the TouchID, but he does to force you to unlock it via the passcode. I am assuming the same to be the case with FaceID. One thing I thought of is that it's possible a cop looking at the phone might trip the timeout all on his or her own.
 
Which law enforcement can do after submitting a search warrant application articulating probable cause that a crime was committed to a judge, who would then need to agree with the case being made and then sign the search warrant, before any examination of the phone's contents looking for evidence in support of the crime. Similar to the police wanting to search your home, business, bank records, telecom records, safe deposit box, car, etc.

I have no problem with that.

For starters, they'd have to prove to a judge that there was likely to be relevant information on the phone, which is by no means the case. Now, granted after another year of Trump appointees, the judges will likely allow searches if the suspect has an "I'm with her" bumper sticker on their car. But even then, there's going to be a great deal of scrutiny around the investigation of the phone.

In the OP's scenario, a single cop could unlock the phone during a traffic stop, and easily plant information on it that supports his agenda. And maybe he doesn't even have to. All it takes is a cute picture of a young nephew or niece snapped by a relative at bath time and texted to you, for charges of child pornography to be levied. Again, it all depends on the agenda of the arresting cop. That's the danger here. While you may not think you have any reason to be treated this way by law enforcement, there are many this could affect. But that's also why the feature can be easily disabled -- if there's time. The second option, of just not looking at the phone, is a good way to have an "accident" on your way to the police station. And frankly I'd like to meet the person who can keep their eyes closed the entire time if arrested and detained.
 
I agree that people should reserve judgment, seeing as Apple has a pretty good track record with these sorts of things. That said, they're not always right. People should be allowed to have some level of skepticism because every situation is different, also because security is involved. In comparing FaceID to TouchID, one difference I see is that TouchID didn't replace anything. People only had lock codes (or they didn't lock their phones) and it was a new convenience option. FaceID replaces that tried and true convenience option, so it's only natural for people to question. But yes, they should reserve judgment.

Healthy skepticism is great and welcomed. Irrational, vitriolic, ignorant statements are not.
 
I still don't get how Apple thought that FaceID was a good idea, a regular passcode is more secure!
If it's a good password, that's true. However, unless forced to do otherwise most people's passwords are in the top 500 easily guessed list, or they are name1 or Michael for someone usually called Mike. Also a good password is difficult to remember, long, and you can't keep it in keychain to open your device without you having to remember it. I suspect that 95% of people will be more secure with FaceID than they will be with passwords.

Touch ID is no more convenient. Today, as an example, I went to open my iPhone and the first touch brought up the payment screen, the second touch brought up the password screen, and the third touch actually opened the phone. So I don't want to hear how Touch ID is so much superior--it's going to depend upon the circumstances. At worst they will have the same amount of inconvenience, albeit at different times. At best FaceID will be a lot better.
 
That would require a Herculean effort to collect a ton of data, followed by a ton of processing, which would still produce many ambiguous potential solutions, each of which would require a 3D model to test against.

You would also need the subject's phone and you only get 5 tries. And that's assuming you could do all of the above modeling within the few days of phone inactivity available before it goes into passcode-only mode. In the meantime, I suspect the phone's owner would have locked (and wiped) the device remotely.

In other words, you won't be pulling that off.

Regarding making the model, yeah I imagine it would be difficult. But who knows with special effects and 3D printing, maybe it won't be long until that technology becomes accurate enough and accessible.

Regarding your other points, one would of course have to have the model face ready to go, then steal the phone, turn it off so that it can't be remotely wiped, and bring it somewhere with no data reception to do the face scan.

But again this would only ever happen to high value targets like big celebrities. I'm just posing theoreticals. I think it's important to do when security is involved.
 
Regarding making the model, yeah I imagine it would be difficult. But who knows with special effects and 3D printing, maybe it won't be long until that technology becomes accurate enough and accessible.

They addressed the model making at the event. And, let's be honest, SOMEONE in the special effects business is going to try this. The mask will also fail the sensor that needs to detect it is being looked at. I’m not sure how the mapping works for general retina detection: can it detect it is my eyes, or just that eyes are looking at it?

The mask is too high tech a solution, anyway. A quick trip to the power tools section of Home Depot can yield much more efficient means for under $50.
 