Video shows 10-year-old unlocking mother's iPhone X via Face ID

135

Comments

  • Reply 41 of 96
    mike1mike1 Posts: 1,760member
    ben20 said:
    That is bad. Kids will always try to get into phones/iPads to play with them, delete a few apps apps, check your notification etc. But you can't setup your spouse as second user on it? 
    Through the passcode.
  • Reply 42 of 96
    dysamoria said:
    I love seeing all the Apple fans rushing to blame the users... you know, the target audience for these devices.
    I don't get your point. Are you saying Apple = Apple Fans?

    If so..... (nah, I don't want to get banned)...
    magman1979muthuk_vanalingam
  • Reply 43 of 96
    That kid is one in a million!
    napoleon_phoneapartrandominternetpersonGG1radarthekatavon b7pscooter63
  • Reply 44 of 96
    dewmedewme Posts: 1,787member
    gatorguy said:
    dewme said:
    i’d like to know how long it was from the time it was initially configured to her face. 
    Yes, and I'd also like to see whether the phone was trained to accept the son's face ahead of time. Not trying to defend or refute the claim that the video implies, but I'd like to see the experiment repeated starting at the very first initialization/training steps and proceeding to the son attempting to unlock the phone with the phone never having seen his face before. It's insufficient to reach a conclusion in this case without having any semblance of it being a controlled experiment. 
    All you had to do was read the source article. The phone was reset multiple times to test Face ID initializing and use under different conditions, and where it was assured the phone could not have "seen" her son during the setup. 
    https://www.wired.com/story/10-year-old-face-id-unlocks-mothers-iphone-x/
    Yep, already read the article. But the video only presents one small segment of the larger experiment - the test case failure. I'd like to see the entire experimental sequence from initial "training" to unintended unlocking documented in a video. I'm not disputing whether Face ID was reliably spoofed, I'm only asking to see everything in the experiment recorded so the conditions and scenario can be evaluated and hopefully repeated by Apple engineers in an instrumented test environment.

    The first thing every engineer wants to know when there is any functional anomaly is whether the scenario is repeatable so they can  repeat the test case and hopefully identify the root cause of the failure. Without seeing the whole sequence recorded the repeatability is questionable. The creators of the video went to the trouble to record and post the test case failure online. This indicates that they are willing put in some level of effort to bring light to this condition. That's all fine and good. But they can do so much more by helping Apple correct the underlying problem by recording the entire test case in a video so Apple can try to repeat it in their lab. This is not too much to ask for and I'm sure Apple will find a way to express their gratitude. 
    SpamSandwichradarthekatpscooter63
  • Reply 45 of 96
    gatorguygatorguy Posts: 19,351member
    gatorguy said:

    gatorguy said:
    dewme said:
    i’d like to know how long it was from the time it was initially configured to her face. 
    Yes, and I'd also like to see whether the phone was trained to accept the son's face ahead of time. Not trying to defend or refute the claim that the video implies, but I'd like to see the experiment repeated starting at the very first initialization/training steps and proceeding to the son attempting to unlock the phone with the phone never having seen his face before. It's insufficient to reach a conclusion in this case without having any semblance of it being a controlled experiment. 
    All you had to do was read the source article. 
    What source article? This AI story doesn’t have a Wired reference link unless I’m missing it.
    Ah, you've missed my link to the source article, which I went and searched for myself before commenting. There's often "more stuff to learn" from a source article than a summation from a 3rd party which is why I look beyond one site.
     https://www.wired.com/story/10-year-old-face-id-unlocks-mothers-iphone-x/
    Your link didn't exist in the story published by AI. Since I'm on AI, I'm reading and commenting on the content published by AI. There's no reason for me to realize there was a third-party source article if AI didn't refer or link to it in their story (which they should IMO). Your nuts if you think I'm going to scan the comments for "GatorGuy" links to read prior to commenting on the AI story as published. Get real.
    Um...
    You quoted my post that included it. You just failed to quote the link, so apparently missed it.  Don't let it upset you. I'm not nuts, I just recognised there was probably an original source for the AI article. 
    muthuk_vanalingamavon b7
  • Reply 46 of 96
    ben20ben20 Posts: 119member
    mike1 said:
    ben20 said:
    That is bad. Kids will always try to get into phones/iPads to play with them, delete a few apps apps, check your notification etc. But you can't setup your spouse as second user on it? 
    Through the passcode.
    We are so used to 2 users on Touch ID. Why give up on something great?  Who remembers passcodes with 10 devices in the house? So please Apple, bring back that feature! I bet the second generation of Face ID will have it again!
    muthuk_vanalingam
  • Reply 47 of 96
    irnchrizirnchriz Posts: 1,570member
    Easy to replicate

    setup Face ID
    make sure it works for you
    now pass to sibling/child, it will fail to unlock.
    have them hold the phone and put in passcode
    now, they can unlock with Face ID. 

    The only caveat is that they have to at least somewhat resemble you so that the iPhone temporarily adds their face scan as additional data to the initial scan.
    edited November 2017 radarthekat
  • Reply 48 of 96
    tzeshantzeshan Posts: 1,793member
    Here is an idea of an interesting experiment.  Gather a group of people that looks alike.  Give each one an iPhone X. Let them switch phones and see how many of them can unlock other iPhone X.  I guess at least one or them can succeed.  
  • Reply 49 of 96
    SoliSoli Posts: 8,396member
    ben20 said:
    mike1 said:
    ben20 said:
    That is bad. Kids will always try to get into phones/iPads to play with them, delete a few apps apps, check your notification etc. But you can't setup your spouse as second user on it? 
    Through the passcode.
    We are so used to 2 users on Touch ID. Why give up on something great?  Who remembers passcodes with 10 devices in the house? So please Apple, bring back that feature! I bet the second generation of Face ID will have it again!
    Maybe, maybe not. While you could register up to 5 fingers with Touch ID, the entire system works differently than Face ID. If adding 1 to 4 more faces caused a long delay in authentication it's probably not going to happen. Even if it miraculously happens to be just as fast it may never happen because these are designed as single-user devices and you have two hands with 5 phalanges on each hand, while you only have one face.
  • Reply 50 of 96
    cpsrocpsro Posts: 2,413member
    gatorguy said:
    cpsro said:
    The original situation of the son being able to unlock with Face ID likely arose because Face ID had been only minimally trained on the mother.

    In later retrains by the mother, the kid knows his mother's passcode and his face is similar enough, so every time Face ID fails and he enters the passcode, it's telling Face ID to add his face to the Face ID model.

    If you give someone else your passcode, does Face ID matter any more? It seems Face ID accuracy is compromised at least a little when someone other than the trainer enters the passcode, too. If you later want to exclude people who have your passcode and who may have used it to gain entry, you should change your passcode and re-set Face ID.

    Whatever happened to the scientific method?

    Face ID training involves 2 passes. Sometime I plan to train one pass on my face and the other on my wife's. Then see what happens!
    Is that how Face ID works? Every time you enter the passcode Apple programmed the system to accept that it's the owner and takes another face scan for training and improvement? I'd not seen that mentioned before. If so that's potentially a bit problematic since Face ID only allows one face to unlock it, and Dad/Mom/The Kid has to use the owner's passcode if he/she is allowed/asked to access the phone.
    My understanding is that, if a face--whether it's the original trainer's face or someone else's--is similar enough to the current Face ID model, then a failure to unlock by Face ID followed by entering the correct passcode will add that person's visage to the model. As the original trainer unlocks with their face over time, the model becomes increasingly specific for their face, making it less and less likely that the face of someone else (who must also know the passcode!) will get mixed into the model.  When Face ID is initially trained, it would be far more likely to accept and add to the model someone else's visage. I'm pretty sure Federighi said enough during his demo to conclude all this.
    Hypothetically, similar-looking family members will rarely be a problem if they aren't allowed to unlock the X after the primary user has trained Face ID for some period of time (a few days?). Who's going to test this?
    edited November 2017 rogifan_newradarthekat
  • Reply 51 of 96
    Soli said:
    djsherly said:
    Soli said:
    djsherly said:
    If the truth of it is that the FaceID was trained to the kids face somehow, then whatever rules are being set to adapt recognition over time must be adjusted. Apple claimed 1:1000000 false positives, there are enough videos out there to put that in question. 
    They said nothing about "1:1000000 false positives." Their statement is about a statistical average based on randomness due to the sophistication of the HW and SW. Think of it like having a 4-digit PIN. You have 10,000 possibilities, or a 1:10,000 chance, but if that PIN is '0000' or the 4-digit house number of your address, it's probably going to be cracked much sooner because someone will look for common patterns. With Face ID the common pattern is a close DNA match.

    This is also partially true for fingerprints in that the various aspects of a fingerprint are inherited. However, the actually print pattern tends to be very unique, even amongst identical twins, which is why it can be 1:50,000 and potentially be more secure than Face ID with 1:1,000,000.
    Ok, you focused on the 1:1000000 claim, but my real assertion is that the training rules are not right if this kind of thing can happen. I would understand totally the case of identical twins but this kind of abuse case seems like an obvious one to guard against. Kids are always trying to mess with parents stuff. 
    What's your solution? Children are often very close to one parent's skull structure and it's not suppose to be used for children under 13yo, so what is Apple to do that they haven't stated already?

    I guess Apple could offer a Face ID+passcode option for the first week so that it will both keep her son out as well as let the device know not to record any Face ID training that doesn't accompany a passcode immediately after. And while that week of training may prevent her son from getting into iPhone X it's certainly not guaranteed.

    While I'm glad that the limits of the technology and implementation are being explored, I also don't think it's a big deal.
    Soli said:
    djsherly said:
    Soli said:
    djsherly said:
    If the truth of it is that the FaceID was trained to the kids face somehow, then whatever rules are being set to adapt recognition over time must be adjusted. Apple claimed 1:1000000 false positives, there are enough videos out there to put that in question. 
    They said nothing about "1:1000000 false positives." Their statement is about a statistical average based on randomness due to the sophistication of the HW and SW. Think of it like having a 4-digit PIN. You have 10,000 possibilities, or a 1:10,000 chance, but if that PIN is '0000' or the 4-digit house number of your address, it's probably going to be cracked much sooner because someone will look for common patterns. With Face ID the common pattern is a close DNA match.

    This is also partially true for fingerprints in that the various aspects of a fingerprint are inherited. However, the actually print pattern tends to be very unique, even amongst identical twins, which is why it can be 1:50,000 and potentially be more secure than Face ID with 1:1,000,000.
    Ok, you focused on the 1:1000000 claim, but my real assertion is that the training rules are not right if this kind of thing can happen. I would understand totally the case of identical twins but this kind of abuse case seems like an obvious one to guard against. Kids are always trying to mess with parents stuff. 
    What's your solution? Children are often very close to one parent's skull structure and it's not suppose to be used for children under 13yo, so what is Apple to do that they haven't stated already?

    I guess Apple could offer a Face ID+passcode option for the first week so that it will both keep her son out as well as let the device know not to record any Face ID training that doesn't accompany a passcode immediately after. And while that week of training may prevent her son from getting into iPhone X it's certainly not guaranteed.

    While I'm glad that the limits of the technology and implementation are being explored, I also don't think it's a big deal.

    It becomes a slightly bigger deal once your kid authorises purchases through family sharing...

    I just pointed out what should be a fairly obvious scenario. I don’t have the answers, if I did I wouldn’t be sitting here :)

    Something like you suggest would improve things I guess, but surely the software parameters can adjusted to tighten the likeness threshold. Or maybe that was tried and that resulted in too many false negatives?
    muthuk_vanalingam
  • Reply 52 of 96
    sflocalsflocal Posts: 4,295member
    I don't have kids so it's a non-issue for me.

    While the iHaters are certainly have a field day on this, I find the hater being so gullible in accepting any youtube video without any scientific proof to back it up.  

    As far as I'm concerned and unless Apple makes an official statement, this is a non-issue when FaceID as been configured and trained properly.  I'll gladly trust Apple's testing and resources much more than some schmuck on youtube with an axe to grind.
    magman1979macplusplusanantksundarampscooter63
  • Reply 53 of 96
    anomeanome Posts: 1,169member

    I would also like to know the full setup. Has the phone been trained, even inadvertently, to recognise the son's face as well as the mother's? Or is it a matter that in the right lighting, the son looks enough like the mother to get past the model? And how long after configuring it was the testing done?

    From some of the comments here, there's a suggestion that at least the subsequent tests in different lighting were done fairly soon after the config of FaceID. Not sure what the implications of that are, other than it will presumably get harder to fool it, the longer it's in use, due to the way it learns.

    This and the BKAV story show there's a lot of experimentation to be done with FaceID, but the stories are largely just about getting around FaceID without detail on the testing setup. I'd say in each instance, there's something crucial missing from the description.

    radarthekat
  • Reply 54 of 96
    SoliSoli Posts: 8,396member
    sflocal said:
    I don't have kids so it's a non-issue for me.
    Me neither. It'll only become a problem for me if my iPhone X is stolen by Brad Pitt¡
    edited November 2017 randominternetpersonRayz2016uktechieGG1radarthekatpscooter63djsherly
  • Reply 55 of 96
    JustWill312JustWill312 Posts: 2unconfirmed, member
    Doh! It's a hidden feature that Apple built but didn't promote. The feature is to scan a second user's face and let Face ID learn the new face, thus adding a second face to unlock the iPhone X.
  • Reply 56 of 96
    bb-15bb-15 Posts: 235member
    gatorguy said:
    dewme said:
    i’d like to know how long it was from the time it was initially configured to her face. 
    Yes, and I'd also like to see whether the phone was trained to accept the son's face ahead of time. Not trying to defend or refute the claim that the video implies, but I'd like to see the experiment repeated starting at the very first initialization/training steps and proceeding to the son attempting to unlock the phone with the phone never having seen his face before. It's insufficient to reach a conclusion in this case without having any semblance of it being a controlled experiment. 
    All you had to do was read the source article. The phone was reset multiple times to test Face ID initializing and use under different conditions, and where it was assured the phone could not have "seen" her son during the setup. 
    https://www.wired.com/story/10-year-old-face-id-unlocks-mothers-iphone-x/
    Thanks for the link to the original article which said;

    "At WIRED's suggestion, Malik asked his wife to re-register her face to see what would happen. After Sherwani freshly programmed her face into the phone, it no longer allowed Ammar access. To further test it, Sherwani tried registering her face again a few hours later, to replicate the indoor, nighttime lighting conditions in which she first set up her iPhone X. The problem returned;"

    It seems that with what would be considered "poor lighting" that Face ID will not have a clear image of the user's face so that it can be spoofed by a close relative. 
    * What to do imo?
    - As mentioned by Wired; check out if close relatives can unlock the iPhone X. If they can, try re-registering the owner's face in clear lighting conditions. 
    - If not successful, and worried about a relative, turn off Face ID and use a password. 
    - If a password is too inconvenient, consider trading the iPhone X in during the return period for an iPhone 8/8+. 
    - If all of this is too much of a hassle or is too scary, skip the iPhone X and get the iPhone 8/8+.
    edited November 2017 spliff monkeymuthuk_vanalingamavon b7
  • Reply 57 of 96
    SoliSoli Posts: 8,396member
    bb-15 said:
    gatorguy said:
    dewme said:
    i’d like to know how long it was from the time it was initially configured to her face. 
    Yes, and I'd also like to see whether the phone was trained to accept the son's face ahead of time. Not trying to defend or refute the claim that the video implies, but I'd like to see the experiment repeated starting at the very first initialization/training steps and proceeding to the son attempting to unlock the phone with the phone never having seen his face before. It's insufficient to reach a conclusion in this case without having any semblance of it being a controlled experiment. 
    All you had to do was read the source article. The phone was reset multiple times to test Face ID initializing and use under different conditions, and where it was assured the phone could not have "seen" her son during the setup. 
    https://www.wired.com/story/10-year-old-face-id-unlocks-mothers-iphone-x/
    Thanks for the link to the original article which said;

    "At WIRED's suggestion, Malik asked his wife to re-register her face to see what would happen. After Sherwani freshly programmed her face into the phone, it no longer allowed Ammar access. To further test it, Sherwani tried registering her face again a few hours later, to replicate the indoor, nighttime lighting conditions in which she first set up her iPhone X. The problem returned;"

    It seems that with what would be considered "poor lighting" that Face ID will not have a clear image of the user's face so that it can be spoofed by a close relative. 
    * What to do imo?
    - As mentioned by Wired; check out if close relatives can unlock the iPhone X. If they can, try re-registering the owner's face in clear lighting conditions. 
    - If not successful, and worried about a relative, turn off Face ID and use a password. 
    - If a password is too inconvenient, consider trading the iPhone X in during the return period for an iPhone 8/8+. 
    - If all of this is too much of a hassle or is too scary, skip the iPhone X and get the iPhone 8/8+.
    I'm surprised that is an issue since it projects IR and captures IR. Why are external visible light sources even needed?
    randominternetpersonmacsince1988pscooter63
  • Reply 58 of 96
    foggyhillfoggyhill Posts: 4,767member
    So, same bullshit as usual, unlock after training with deliberately bad early data.
    edited November 2017
  • Reply 59 of 96
    foggyhillfoggyhill Posts: 4,767member
    dysamoria said:
    I love seeing all the Apple fans rushing to blame the users... you know, the target audience for these devices.
    Right.. Unlock nearly straight nearly after first training (after introducing bad training data), as usual. All the cases have been exactly the same up to now.
    edited November 2017 radarthekat
  • Reply 60 of 96
    Soli said:
    bb-15 said:
    gatorguy said:
    dewme said:
    i’d like to know how long it was from the time it was initially configured to her face. 
    Yes, and I'd also like to see whether the phone was trained to accept the son's face ahead of time. Not trying to defend or refute the claim that the video implies, but I'd like to see the experiment repeated starting at the very first initialization/training steps and proceeding to the son attempting to unlock the phone with the phone never having seen his face before. It's insufficient to reach a conclusion in this case without having any semblance of it being a controlled experiment. 
    All you had to do was read the source article. The phone was reset multiple times to test Face ID initializing and use under different conditions, and where it was assured the phone could not have "seen" her son during the setup. 
    https://www.wired.com/story/10-year-old-face-id-unlocks-mothers-iphone-x/
    Thanks for the link to the original article which said;

    "At WIRED's suggestion, Malik asked his wife to re-register her face to see what would happen. After Sherwani freshly programmed her face into the phone, it no longer allowed Ammar access. To further test it, Sherwani tried registering her face again a few hours later, to replicate the indoor, nighttime lighting conditions in which she first set up her iPhone X. The problem returned;"

    It seems that with what would be considered "poor lighting" that Face ID will not have a clear image of the user's face so that it can be spoofed by a close relative. 
    * What to do imo?
    - As mentioned by Wired; check out if close relatives can unlock the iPhone X. If they can, try re-registering the owner's face in clear lighting conditions. 
    - If not successful, and worried about a relative, turn off Face ID and use a password. 
    - If a password is too inconvenient, consider trading the iPhone X in during the return period for an iPhone 8/8+. 
    - If all of this is too much of a hassle or is too scary, skip the iPhone X and get the iPhone 8/8+.
    I'm surprised that is an issue since it projects IR and captures IR. Why are external visible light sources even needed?
    Exactly.  I assumed it was all about the IR dots (and nothing but the dots).
    [Deleted User]
Sign In or Register to comment.