More information and more testing is needed before we can draw any conclusions but this is worrying. I’m not aware that Apple’s Face ID setup instructions warn of any issues or say you mustn’t rely on Face ID for the first few days. Users will reasonably expect it to “just work”. I would be very alarmed if my young kids could unlock my iPhone.
Remember Face ID, like Touch ID, is used for many purposes. I rely on Touch ID to prevent unauthorised access to my bank accounts, for example. If banks or other organisations decide Face ID is not sufficiently secure they’ll stop supporting it, Apple will lose credibility and others will soon follow.
On the other hand Apple’s claims of a 1 in a million chance of a stranger’s face unlocking your iPhone may be true. That probablility may fall to 1 in 10,000 for close relatives. Test it with 10,000 pairs of close relatives and you’ll probably find two sufficiently alike to fool Face ID. These two may be the one in 10,000 chance. They certainly look very alike.
The problem is that one in one million may be after 50 unlocks, Apple should tell family members to not unlock their phones after a failure with the pin number. That, by itself will introduce tremendous uncertainty in the training. The unlocking after a failure is what tells the training that this failure was a false failure. If indeed it is a real failure, then allowing someone to log in will pollute the data.
If the truth of it is that the FaceID was trained to the kids face somehow, then whatever rules are being set to adapt recognition over time must be adjusted. Apple claimed 1:1000000 false positives, there are enough videos out there to put that in question.
They said nothing about "1:1000000 false positives." Their statement is about a statistical average based on randomness due to the sophistication of the HW and SW. Think of it like having a 4-digit PIN. You have 10,000 possibilities, or a 1:10,000 chance, but if that PIN is '0000' or the 4-digit house number of your address, it's probably going to be cracked much sooner because someone will look for common patterns. With Face ID the common pattern is a close DNA match.
This is also partially true for fingerprints in that the various aspects of a fingerprint are inherited. However, the actually print pattern tends to be very unique, even amongst identical twins, which is why it can be 1:50,000 and potentially be more secure than Face ID with 1:1,000,000.
Apple better be working on TouchId through the display screen.
Don't count on it, at most they'll put more indications on how to train the system properly (maybe doing 5-10 unlocks in many more lighting conditions as a baseline) and what NOT to do make it not work properly. They could also say they'll reset the training data to zero and require a total retraining if there are to many pin entries after failures (meaning the training data is diverging).
In machine learning, if you introduce crap data as real data, the whole thing won't work properly.
Interesting! I just wish people should stop suggesting that his was hacked. Maybe Apple should bring the mother-son pair in and use them as the test subject and improve the FaceID. This is the first version of FaceID - I am sure there is room for improvement.
Its not hacked, it's in fact completely, seemingly on purpose fracking the data. Unlocking after a failure when it happens early should only be done by the one the face has been registered to. I think Apple should just make the training longer and under more diverse conditions.
Interesting! I just wish people should stop suggesting that his was hacked. Maybe Apple should bring the mother-son pair in and use them as the test subject and improve the FaceID. This is the first version of FaceID - I am sure there is room for improvement.
Its not hacked, it's in fact completely, seemingly on purpose fracking the data. Unlocking after a failure when it happens early should only be done by the one the face has been registered to. I think Apple should just make the training longer and under more diverse conditions.
But for kids getting into parents's iPhones will be so much easier with Face ID than Touch ID. All they have to do is get hold of the phone (pick it up from the table) and point it at mum or dad who is to distracted to notice. Or else they will learn how to disguise it. Only the lens needs to be visible. Can you open the phone with your eyes closed? If so it will be even easier
Interesting! I just wish people should stop suggesting that his was hacked. Maybe Apple should bring the mother-son pair in and use them as the test subject and improve the FaceID. This is the first version of FaceID - I am sure there is room for improvement.
Its not hacked, it's in fact completely, seemingly on purpose fracking the data. Unlocking after a failure when it happens early should only be done by the one the face has been registered to. I think Apple should just make the training longer and under more diverse conditions.
But for kids getting into parents's iPhones will be so much easier with Face ID than Touch ID. All they have to do is get hold of the phone (pick it up from the table) and point it at mum or dad who is to distracted to notice. Or else they will learn how to disguise it. Only the lens needs to be visible. Can you open the phone with your eyes closed? If so it will be even easier
1) That's certainly possible, but it does require what one may consider an extremely level of planning and commitment. They could also do this with Touch ID when they're sleeping and they wouldn't need to worry about pointing it at a face and having them look at it. Touch ID is so fast that I think it's very likely they wouldn't even notice.
2) You can disable Attention Aware, but it's on by default.
I never mind that people from India would be so incorrect. I know is the land of sundar pichai but.. anyway ask at who have it. It’s work perfectly. I tried many times and it is sure. iPhone X is the best product ever made. When Touch ID is been released by Apple we did read fake news like this. So be smart. Don’t be played. Think different.
I am not sure what this has to with India or Sundar Pichai. For your information, from their names, that family looks Pakistani to me, not Indian. But, as I said, that's irrelevant to the story.
Reading through all the comments here and the Wired article, I would agree with one of the commenters here who said that this obscure bug may only be repeatable in the early stages of FaceID setup. In other words, the more data FaceID captures about a specific face, the less likely it's to unlock even for a family member with similar facial features (barring identical twins). If that were not true, we would be seeing hundreds of such videos from the millions who have an iPhoneX in their hands at this point, not just one.
I personally think the ambient lighting stuff is a red herring, unless demonstrably repeated by other people.
re: the several comments on "not a true lab test!!". Actually, this is a real world test and MUCH more likely to be the way FaceID is setup in the wild - I would assume and HOPE that apple did real world testing like this and not just restricted it to separate room, lab testing under certain lighting conditions only.
As for the phone learning the face of anyone who enters the passcode, I think personally that's a mistake to include or at least not be an option. Passcode entry is how my other half accesses my phone and vice-versa, it'll just dilute the accuracy of the actual owner's FaceID.
i’d like to know how long it was from the time it was initially configured to her face.
Yes, and I'd also like to see whether the phone was trained to accept the son's face ahead of time. Not trying to defend or refute the claim that the video implies, but I'd like to see the experiment repeated starting at the very first initialization/training steps and proceeding to the son attempting to unlock the phone with the phone never having seen his face before. It's insufficient to reach a conclusion in this case without having any semblance of it being a controlled experiment.
All you had to do was read the source article. The phone was reset multiple times to test Face ID initializing and use under different conditions, and where it was assured the phone could not have "seen" her son during the setup. https://www.wired.com/story/10-year-old-face-id-unlocks-mothers-iphone-x/
Thanks for the link to the original article which said;
"At WIRED's suggestion, Malik asked his wife to re-register her face to see what would happen. After Sherwani freshly programmed her face into the phone, it no longer allowed Ammar access. To further test it, Sherwani tried registering her face again a few hours later, to replicate the indoor, nighttime lighting conditions in which she first set up her iPhone X. The problem returned;"
It seems that with what would be considered "poor lighting" that Face ID will not have a clear image of the user's face so that it can be spoofed by a close relative. * What to do imo? - As mentioned by Wired; check out if close relatives can unlock the iPhone X. If they can, try re-registering the owner's face in clear lighting conditions. - If not successful, and worried about a relative, turn off Face ID and use a password. - If a password is too inconvenient, consider trading the iPhone X in during the return period for an iPhone 8/8+. - If all of this is too much of a hassle or is too scary, skip the iPhone X and get the iPhone 8/8+.
I'm surprised that is an issue since it projects IR and captures IR. Why are external visible light sources even needed?
I made the same observation way back in Post#5. I've no idea why ambient lighting would have any effect one way or the other.
I assuming it's because the quality of the lighting allows the software to overlay the info from the IR sensors more accurately over the face. In a pitch black room for instance, the software can not accurately determine which IR dots represent the tip of the nose or the distance between the pupils. So it has to make the best estimate initially. But as more facial info is entered with each unlock, under different ambient lighting, the info from the IR sensors becomes a more accurate representation of the face. With better lightning, the software don't have to rely on estimating what each IR dot represent on the face, as it has a good image of the face to accurately overlay the IR data.
Of course I'm assuming this is how the Face ID software works. That it relies on both a quality image of the face and the data it gets from the IR sensors. The image of a face lit with IR or poor ambient lighting is not as good as an image of the face lit with good lighting. And thus good lighting should be use when initializing Face ID, to be accurate from the get go.
Interesting! I just wish people should stop suggesting that his was hacked. Maybe Apple should bring the mother-son pair in and use them as the test subject and improve the FaceID. This is the first version of FaceID - I am sure there is room for improvement.
Its not hacked, it's in fact completely, seemingly on purpose fracking the data. Unlocking after a failure when it happens early should only be done by the one the face has been registered to. I think Apple should just make the training longer and under more diverse conditions.
But for kids getting into parents's iPhones will be so much easier with Face ID than Touch ID. All they have to do is get hold of the phone (pick it up from the table) and point it at mum or dad who is to distracted to notice. Or else they will learn how to disguise it. Only the lens needs to be visible. Can you open the phone with your eyes closed? If so it will be even easier
I would think that if you set up Face ID with your eyes close, it would unlock that way. But if both eyes are opened when you set you Face ID, then both eyes needs to be open. I thought I read somewhere that if law enforcement wanted to unlock your iPhone, with Face ID, by holding it in front of your face, all you had to do was to close one eye. And it's why kids can't unlock your iPhone, with Face ID, using your face while you are asleep.
If you're under the age of 13, your facial features may not yet be distinct enough for Face ID to function properly and you'll have to revert to passcode.
Right, to me, this says that it does not work for children. What it doesn’t say is that children will be able to unlock your phone if they look like you.
Now, what happened here seems a little unclear. I suspect that the mother unlocked the phone and gave it to the kid to try again. But if not (and I’m not sure how we’d find out) then Apple needs to do some tweaking.
Apple should of never ditched Touch ID, it's too soon. They should of kept Touch ID but embedded in the screen instead of Face ID, which they can still do via a firmware maybe especially on the iPhone X.
Right, to me, this says that it does not work for children. What it doesn’t say is that children will be able to unlock your phone if they look like you.
My understanding from reading the article was there's an initial period (hours? days?) with FaceID setup where a failed attempt by someone else to unlock followed by entering the passcode (if that person has it, as a son or close relative probably might) actually adds the facial data of *that* person to FaceID's stored data, thus increasing the probability of an unlock by that person. The more this sequence is repeated by the other person with facial similarities, the more FaceID data of that person would be added, increasing the probability of an unlock. This may be why the son was able to unlock on some attempts and not at others, as mentioned in the Wired article.
What we see in the video probably doesn't reflect all that has gone on before it was taken - for all we know, the son might have tried to unlock and entered with passcode any number of times, thus adding to the probability of FaceID unlocking for him.
What I would like to see Wired do is for the mother to continuously use the FaceID for a few days without letting the son touch the phone (and change the passcode, too) and then test if he can unlock it again. That, to me, would clearly show if there's a problem here or not.
Apple should of never ditched Touch ID, it's too soon.
I agree, but…
They should of kept Touch ID but embedded in the screen instead of Face ID
They tried that (despite Cook publicly claiming they didn’t; they obviously did since they’ve had a patent for it for the longest time) but apparently couldn’t get it to work. Either there were problems with the tech or the manufacturing yield.
which they can still do via a firmware
I don’t see how. It’s dedicated imaging hardware in the button on the iPhone 5S/6/6S/7. If they didn’t put that hardware beneath the X’s screen, software can’t fix it.
Comments
2) You can disable Attention Aware, but it's on by default.
I personally think the ambient lighting stuff is a red herring, unless demonstrably repeated by other people.
and their explanation will be that they addressed this in the keynote as a possibility
As for the phone learning the face of anyone who enters the passcode, I think personally that's a mistake to include or at least not be an option. Passcode entry is how my other half accesses my phone and vice-versa, it'll just dilute the accuracy of the actual owner's FaceID.
Of course I'm assuming this is how the Face ID software works. That it relies on both a quality image of the face and the data it gets from the IR sensors. The image of a face lit with IR or poor ambient lighting is not as good as an image of the face lit with good lighting. And thus good lighting should be use when initializing Face ID, to be accurate from the get go.
https://www.imore.com/face-id-spoofing-fud
If you're under the age of 13, your facial features may not yet be distinct enough for Face ID to function properly and you'll have to revert to passcode.
Right, to me, this says that it does not work for children. What it doesn’t say is that children will be able to unlock your phone if they look like you.
Now, what happened here seems a little unclear. I suspect that the mother unlocked the phone and gave it to the kid to try again. But if not (and I’m not sure how we’d find out) then Apple needs to do some tweaking.
What we see in the video probably doesn't reflect all that has gone on before it was taken - for all we know, the son might have tried to unlock and entered with passcode any number of times, thus adding to the probability of FaceID unlocking for him.
What I would like to see Wired do is for the mother to continuously use the FaceID for a few days without letting the son touch the phone (and change the passcode, too) and then test if he can unlock it again. That, to me, would clearly show if there's a problem here or not.
They tried that (despite Cook publicly claiming they didn’t; they obviously did since they’ve had a patent for it for the longest time) but apparently couldn’t get it to work. Either there were problems with the tech or the manufacturing yield.
I don’t see how. It’s dedicated imaging hardware in the button on the iPhone 5S/6/6S/7. If they didn’t put that hardware beneath the X’s screen, software can’t fix it.