Face ID Appears to Fail at Telling Apart Brothers Who Aren't Twins in New Videos [Updated]

[Djentleman]

I mean, I'm not worried about Face ID either. I think it'll be fine, and 99% of the people who are giving this any thought are people who don't have anything THAT secure that they should be over-thinking this.

But when you say, "I never once doubted the security of FaceID," that sounds like you were certain it would be great as soon as it was announced. I mean, the odds were good, but I personally am not one to put blind faith that iteration #1 of something will be flawless.

I guess I put a lot of faith in a company that's built a reputation for taking their time to refine something other companies shoved out in a rush before. That and the first impressions from users were extremely promising.

Maybe saying "I never doubted them" was a little heavy handed, but I wasn't implying I think Apple are perfection in all they do. But throwing out all the positive feedback and reviews because of a couple dubious "failed" tests, is a bit much.

 

[thelookingglass]

I still haven't seen proof a sibling (non twin) unlocking the phone after properly setting it up and not overriding the FaceID lockout with a passcode multiple times.

Show me uncut footage of setup process with the same face, zero passcode unlocks with failed face, and immediate unlock by non twin brother.

EVEN if this does happen, it's still your brother and probably would be "learned" out of FaceID over a few days and more data.

Can Apple improve the tech? I'm sure, but this is the future. It's simply too good even as a 1.0.

EXACTLY. These videos are absolute horsesh*t and infuriating. I'm not affiliate with Apple in any way whatsoever, but as a LOGICAL matter, there is no issue here. Engineering a scenario where a second person knows your PIN renders biometric authentication irrelevant. Your PIN is essentially the lock to your phone. Biometric authentication is just a more convenient way of entering the PIN. If someone, like a brother, knows your PIN, then your iPhone X is assuming that the person who keeps on entering the CORRECT PIN is actually you. So it then attempts to re-learn your face. That's called one hell of a SMART algorithm.

If one brother does not have the other brother's PIN, then Face ID will not unlock. If one brother DOES have the other brother's PIN ... then why the f are we having this discussion at all?

Sorry, stuff like this just makes me steaming mad because your average person will not think this through logically and will simply run with this BS.

 

[Djentleman]

EXACTLY. These videos are absolute horsesh*t and infuriating. I'm not affiliate with Apple in any way whatsoever, but as a LOGICAL matter, there is no issue here. Engineering a scenario where a second person knows your PIN renders biometric authentication irrelevant. Your PIN is essentially the lock to your phone. Biometric authentication is just a more convenient way of entering the PIN. If someone, like a brother, knows your PIN, then your iPhone X is assuming that the person who keeps on entering the CORRECT PIN is actually you. So it then attempts to re-learn your face. That's called one hell of a SMART algorithm.

If one brother does not have the other brother's PIN, then Face ID will not unlock. If one brother DOES have the other brother's PIN ... then why the f are we having this discussion at all?

Sorry, stuff like this just makes me steaming mad because your average person will not think this through logically and will simply run with this BS.

That's a bingo! But seriously, THIS.

 

[john123]

I guess I put a lot of faith in a company that's built a reputation for taking their time to refine something other companies shoved out in a rush before. That and the first impressions from users were extremely promising.

Maybe saying "I never doubted them" was a little heavy handed, but I wasn't implying I think Apple are perfection in all they do. But throwing out all the positive feedback and reviews because of a couple dubious "failed" tests, is a bit much.

Got it. Fair enough. I tend to agree with you, although I am quite a bit less happy with Apple in the last couple years than I have been historically. But yes, I would not expect them to ship something so dramatically different and not have it work reasonably well.

 

[Baymowe335]

EXACTLY. These videos are absolute horsesh*t and infuriating. I'm not affiliate with Apple in any way whatsoever, but as a LOGICAL matter, there is no issue here. Engineering a scenario where a second person knows your PIN renders biometric authentication irrelevant. Your PIN is essentially the lock to your phone. Biometric authentication is just a more convenient way of entering the PIN. If someone, like a brother, knows your PIN, then your iPhone X is assuming that the person who keeps on entering the CORRECT PIN is actually you. So it then attempts to re-learn your face. That's called one hell of a SMART algorithm.

If one brother does not have the other brother's PIN, then Face ID will not unlock. If one brother DOES have the other brother's PIN ... then why the f are we having this discussion at all?

Sorry, stuff like this just makes me steaming mad because your average person will not think this through logically and will simply run with this BS.

People can no longer think critically or can even be expected to read facts. They say a video and say, see...failed.

Some dude here said iris scanning is more secure, he just said it likes it’s a fact, literally based on nothing other than twins might have a different iris? He ignores that iris has been beaten by photos and literally no facts exist on its claimed probability for failure. At least Apple said 1 in 1,000,000 and published detailed description about the tech.

 

[mib1800]

There are two ways to look at this:

1. Face ID training is a two-step process. If, in the second step, the software determines that the phone is pointed at a different face than in the first, it probably should provide a message and abort the training. I think that there should be very little latitude while Face ID is being trained.
2. Anyone who purposely presents two different faces during training shouldn't complain that their phone will be less secure going forward, although they may complain that the software didn't detect this as in #1.

I disagree with your exact matching comment. Yes, a passcode must be identical to the one set for the device to work—being one digit off doesn't cut it. But for fingerprint or iris scanning, it's possible to adjust the threshold that must be achieved to qualify as a match.

But the threshold for errors is much smaller for fp / iris . Your stored setup pattern is the same as what you present to unlock. (i.e. use a finger/eye to setup - you present your eye/finger to unlock). For faceid, you setup using a face and faceID has to approximate and determine whether variations (i.e. with glasses, hat, different angle, semi concealed) of that face are valid for unlock or not. There is a much bigger margin of errors leading to false positives (and possible unsecure)

 

[Iconoclysm]

There is no way to verify whether that's the case. But even that explanation holds some water, it just show there are weaknesses in the system when it got tricked that way.

Seems to me that the face id detection algorithm uses a lot of approximation to determine authenticity. When approximation is used, chances of tricking it is much more easy. Unlike passcode or fp or iris which need exact matching.

These two brothers admit that this is what they did, they provided an explanation video after. Your assumptions about approximation are not founded here. You can fool TouchID if you mess with its setup process all the same. Someone here mentioned putting 5 fingerprints into one fingerprint save by switching them over and over during the setup. That's essentially what happens in this case. And the chances of tricking this are far, far less as has already been mentioned.
[doublepost=1510134472][/doublepost]

I mean, I'm not worried about Face ID either. I think it'll be fine, and 99% of the people who are giving this any thought are people who don't have anything THAT secure that they should be over-thinking this.

But when you say, "I never once doubted the security of FaceID," that sounds like you were certain it would be great as soon as it was announced. I mean, the odds were good, but I personally am not one to put blind faith that iteration #1 of something will be flawless.

Cut him some slack here, he's referring to this situation. Did you honestly believe that Apple would release something this easy to crack when they insure more NFC purchases than any company in the world? The security of this product leaves them more vulnerable than even its own users.
[doublepost=1510134647][/doublepost]

EXACTLY. These videos are absolute horsesh*t and infuriating. I'm not affiliate with Apple in any way whatsoever, but as a LOGICAL matter, there is no issue here. Engineering a scenario where a second person knows your PIN renders biometric authentication irrelevant. Your PIN is essentially the lock to your phone. Biometric authentication is just a more convenient way of entering the PIN. If someone, like a brother, knows your PIN, then your iPhone X is assuming that the person who keeps on entering the CORRECT PIN is actually you. So it then attempts to re-learn your face. That's called one hell of a SMART algorithm.

If one brother does not have the other brother's PIN, then Face ID will not unlock. If one brother DOES have the other brother's PIN ... then why the f are we having this discussion at all?

Sorry, stuff like this just makes me steaming mad because your average person will not think this through logically and will simply run with this BS.

These people who do not understand need to be made to understand and then shamed across the internet lol. They're on freaking tech blogs for crying out loud. And they have the technology IQ of my grandmother, the one who thought I would go blind if I sat too close to the TV when I was a kid. And ironically, but also stupidly, they think Apple's customers don't understand technology. It's frustrating on one hand for me, but if I were them and I were proven wrong this many times I think I might learn to shut up and be more reasonable.
[doublepost=1510135013][/doublepost]

But the threshold for errors is much smaller for fp / iris . Your stored setup pattern is the same as what you present to unlock. (i.e. use a finger/eye to setup - you present your eye/finger to unlock). For faceid, you setup using a face and faceID has to approximate and determine whether variations (i.e. with glasses, hat, different angle, semi concealed) of that face are valid for unlock or not. There is a much bigger margin of errors leading to false positives (and possible unsecure)

This is wrong. Fingerprint scanning and iris scanning are not actually grabbing a high quality scan of the subject. FaceID is capturing far, far more data points across a huge surface. It only requires a smaller portion to match and still have more accuracy. It's not approximating the hat, it's ignoring it because it has enough data from the rest of the face to still be 1:1000000 accurate. It sees right through glasses and scans from multiple angles. It then builds on that every single time you log in, getting more and more accurate with each little piece of your face.

 

[Bacillus]

Given their understanding of the world, these guys may have mixed-up their identities themselves.

 

[Phonephreak]

Of course you do, you can’t handle a little criticism towards Apple?

He must be on apples payroll. Preaches far to hard otherwise.

 

[Iconoclysm]

He must be on apples payroll. Preaches far to hard otherwise.

This isn't criticism, it's unfounded FUD...and it was wrong, as was pointed out over and over.

 

[preetb]

Since I'm sure nobody will run a follow up story....here's the proof, many of us here were right all along. These people fooled FaceID by using multiple faces for unlocking, creating an amalgamation of both faces in the database. How many of you were misled by this? And resorted to assuming it was a "problem" with FaceID? You should feel ashamed.
http://bgr.com/2017/11/06/iphone-x-face-id-brothers-fail-explanation/
[doublepost=1510103096][/doublepost]

THere was hacking, they hacked the setup process....
[doublepost=1510103186][/doublepost]

Yeah, you're dead wrong. It uses machine learning to improve each time, as you age, as you gain or lose weight, etc. In fact, this is spelled out in a million places...how you missed it is beyond me.

Sorry Icono but it's you who's dead wrong. You obviously don't know how machine learning in FaceID works. It trains the neural nets ONCE, sport. It doesn't train each time you use it. That's why FaceID isn't for kids below the age of 13 because they change too over a year: http://money.cnn.com/2017/09/27/technology/business/apple-iphonex-faceid/index.html

Machine learning comes in all sorts of flavors and most systems don't learn continuously which what you ignorantly yet arrogantly suggested.

 

[Nhott]

Sorry Icono but it's you who's dead wrong. You obviously don't know how machine learning in FaceID works. It trains the neural nets ONCE, sport. It doesn't train each time you use it. That's why FaceID isn't for kids below the age of 13 because they change too over a year: http://money.cnn.com/2017/09/27/technology/business/apple-iphonex-faceid/index.html

Machine learning comes in all sorts of flavors and most systems don't learn continuously which what you ignorantly yet arrogantly suggested.

I’m not trying to call anyone right or wrong, merely spreading information.
Apple flat out stated, “If there is a more significant change in your appearance, like shaving a full beard, Face ID confirms your identity by using your passcode before it updates your face data.” Every time you look at the phone and have to enter the passcode it updates the data. It does in fact learn by design.
https://support.apple.com/en-us/HT208108

 

[Baymowe335]

Sorry Icono but it's you who's dead wrong. You obviously don't know how machine learning in FaceID works. It trains the neural nets ONCE, sport. It doesn't train each time you use it. That's why FaceID isn't for kids below the age of 13 because they change too over a year: http://money.cnn.com/2017/09/27/technology/business/apple-iphonex-faceid/index.html

Machine learning comes in all sorts of flavors and most systems don't learn continuously which what you ignorantly yet arrogantly suggested.

Wrong, even according to Apple.

 

[preetb]

I’m not trying to call anyone right or wrong, merely spreading information.
Apple flat out stated, “If there is a more significant change in your appearance, like shaving a full beard, Face ID confirms your identity by using your passcode before it updates your face data.” Every time you look at the phone and have to enter the passcode it updates the data. It does in fact learn by design.
https://support.apple.com/en-us/HT208108

That isn't continuous learning. When you stump FaceID, it will be stimulated to *relearn your face*. Then the neural nets will create a *NEW* model based on your new appearance. It doesn't learn EACH time you turn on FaceID.

 

[Bacillus]

That isn't continuous learning. When you stump FaceID, it will be stimulated to *relearn your face*. Then the neural nets will create a *NEW* model based on your new appearance. It doesn't learn EACH time you turn on FaceID.

Neural nets ? Who/where are those ?

 

[Iconoclysm]

Sorry Icono but it's you who's dead wrong. You obviously don't know how machine learning in FaceID works. It trains the neural nets ONCE, sport. It doesn't train each time you use it. That's why FaceID isn't for kids below the age of 13 because they change too over a year: http://money.cnn.com/2017/09/27/technology/business/apple-iphonex-faceid/index.html

Machine learning comes in all sorts of flavors and most systems don't learn continuously which what you ignorantly yet arrogantly suggested.

Yeah man, you are completely wrong. Go do some research on how FaceID works. I think I might know a thing or two about machine learning but I'm not going to bother.

FYI, Apple claims it will be inaccurate, they don't claim that it will just not work. For all we know, the aging child might create a face map that has so many varying points it would recognize anyone.

[doublepost=1510428324][/doublepost]

That isn't continuous learning. When you stump FaceID, it will be stimulated to *relearn your face*. Then the neural nets will create a *NEW* model based on your new appearance. It doesn't learn EACH time you turn on FaceID.

Nope, "sorry sport". It uses the new model in combination with old models, go read the white paper and stop trying to prove how "right" you are.

 

[mi7chy]

Fake ID failing the evil twin test would open the door to bypassing security with a good disguise. Someone has now proven that with a mask. Not even a full mask but a partial one is sufficient.

 

[AsherN]

I don’t understand how Touch ID can only be accurate to 1 in 50k when everyone on the planet has a unique fingerprint. I think Apple have made that up to make Face ID seem more secure than it actually is.

Because the fingerprint itself is not stored. Something akin to a hash is. And it is possible that different fingerprints produce the same hash.

FaceID is the same. It's not comparing a literal picture of your face.