Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Iphone Cellphones Privacy Security Apple

10-Year-Old Boy Cracks the Face ID On Both Parents' IPhone X (wired.com) 300

An anonymous reader writes: A 10-year-old boy discovered he could unlock his father's phone just by looking at it. And his mother's phone too. Both parents had just purchased a new $999 iPhone X, and apparently its Face ID couldn't tell his face from theirs. The unlocking happened immediately after the mother told the son that "There's no way you're getting access to this phone."

Experiments suggest the iPhone X was confused by the indoor/nighttime lighting when the couple first registered their faces. Apple's only response was to point to their support page, which states that "the statistical probability is different...among children under the age of 13, because their distinct facial features may not have fully developed. If you're concerned about this, we recommend using a passcode to authenticate." The boy's father is now offering this advice to other parents. "You should probably try it with every member of your family and see who can access it."

And his son just "thought it was hilarious."

This discussion has been archived. No new comments can be posted.

10-Year-Old Boy Cracks the Face ID On Both Parents' IPhone X

Comments Filter:
  • by Anonymous Coward on Monday November 20, 2017 @04:38AM (#55585315)

    You're looking at the phone wrong, etc., etc., etc........

  • Just curious... (Score:4, Interesting)

    by vasilevich ( 2969463 ) on Monday November 20, 2017 @04:41AM (#55585331)
    I wonder, can monozygotic twins unlock each other's phones? That would be even more hilarious.
  • by antek9 ( 305362 ) on Monday November 20, 2017 @04:58AM (#55585369)
    Kids as skeleton keys, that would be so funny if it weren't the security desaster it actually is. What remains to be shown now is that a random group of, say, 10 children with no relation to an iPhonX (previous...) owner has a more than 10% chance of unlocking Face ID.
  • Scary (Score:5, Interesting)

    by Jonathan Carterâ„¢ ( 5162815 ) on Monday November 20, 2017 @05:15AM (#55585411)
    That's scary, that puts your children at risk at being kidnapped or being brought in by aggressive authorities in an attempt to get access to your device. Parents should rather avoid using this feature altogether.
  • by bradley13 ( 1118935 ) on Monday November 20, 2017 @05:19AM (#55585427) Homepage

    Biometrics are user-ids, not passwords.

    There are three aspects to security: something you are, something you know, something you have. Implement two for rudimentary security, implement all three for good security.

    - Something you are: User ID, biometrics, or some other public information that serves to identify the person.

    - Something you know: Typically a password, used to prove the identity

    - Something you have: Second factor, used to prove that the password and identity were not stolen.

    Face-ID and fingerprints are insecure and easily fooled.

    • And even as a user-id it fails miserably as seen in TFA
    • by AmiMoJo ( 196126 ) <mojo@wo[ ]3.net ['rld' in gap]> on Monday November 20, 2017 @07:08AM (#55585731) Homepage Journal

      Fingerprints seem to be pretty good in the real world. The FBI can't seem to crack them. UK security forces can't reliably crack them, so they have taken to following people until they unlock their phone and then staging a fake mugging to grab it in that state.

      Okay, maybe the NSA can get in, but for most people a good fingerprint scanner seems to be a reasonable option. The main issue is the lack of a panic button on some of them, i.e. something you do to disable it and require require the passcode. Apple lets you press the power button 5 times quickly, on most Android devices holding the power button for a few seconds works.

      • The FBI are lying. They can 'crack' touchID. If the suspect is alive you can legally compel a fingerprint; if the suspect is dead (and the authorities didn't obliterate the suspect) all they have to do is go down to the morgue and open the device with the dead finger. This is all about a power-grab and the MSM is publishing anti-crypto propaganda to soften up the public's opinion.
    • I agree that you must use more than one authentication factor.

      In fact, it is terribly dangerous to use biometrics, because when somebody stole your data you are doomed for the rest of your life. And to use in consumer products it is very irresponsible because those products, no matter the brand neither the price, won't be so well designed as security oriented machines.

      Also ... light interferes, children younger than 13 years interfere, photocopies interfere ... this technology is useless on real life s

    • by mjwx ( 966435 )

      Biometrics are user-ids, not passwords.

      Actually they're both but should never be used as the first factor of authentication.

      Face-ID and fingerprints are insecure and easily fooled.

      Yes and no.

      Done properly these technologies are quite effective, however to do it properly you need a $5000 bit of kit at every door and a hefty back end. Fingerprint scanners at Immigration are quite good, but you wont get that level of quality on a £500 phone. So in order to make it work, corners are cut which makes them ineffective as a security measure.

      Besides, people get distracted enough punching in a 4 ch

  • You're not really supposed to "unlock" an iPhoneX. The way FaceID is supposed to work, you pick it up from somewhere and when you instinctively look at the screen, it performs its magic and it's ready, no need to put the right finger on a sensor in the right way, or click on anything. After some time, you're probably going to forget it's actually authenticating you. Unfortunately, while in theory quite convenient, this has several drawbacks in terms of security and usability; it's not really a step forward

  • Between this, the debacle of iOS 11 and the fact that the Mac lines have been languishing under him, it's clear they need to get rid of him.

    And no, replacing him with the woman who runs the retail side is not good for the company no matter how good her number is or how desperately they want to put a woman in charge of the richest company in the world.

    At this point, they need a Satya Nadella who can actually get in there, balance both product lines, come up with new ones and reacquire alienated Mac users who

  • by SuperDre ( 982372 ) on Monday November 20, 2017 @05:37AM (#55585479) Homepage
    Just shows how crap face-id really is, and it also shows how Apple has tested this feature... like not..
  • Criminals will start using children under the age of 13 to unlock iphones... lol
  • by itamihn ( 1213328 ) on Monday November 20, 2017 @05:59AM (#55585531) Homepage

    We laugh now, but we all know that next year's (or the year after's) flagship Android phones will have Face ID.

  • by gravewax ( 4772409 ) on Monday November 20, 2017 @06:06AM (#55585551)
    So if it was confused by lighting does that mean apple outright lied how it works? or is that just fanboys trying to make up excuses? if you have something that operates by infrared dots on your face that supposedly works in dark or light how the fuck do you get confused by lighting conditions.
    • So if it was confused by lighting does that mean apple outright lied how it works? or is that just fanboys trying to make up excuses? if you have something that operates by infrared dots on your face that supposedly works in dark or light how the fuck do you get confused by lighting conditions.

      Because optimally you should have good lighting conditions (IR and Visible light) and not obscure your face when training a facial recognition system which is what this couple did according to the article summary. Additionally if you wear something that obstructs the face you might also want to train your system while wearing said item. The FR gear is intended to recognise you under sub-optimal conditions based on a training data sets made under optimal conditions, it is not intended to be reliable if the t

    • This may surprise you, but infrared radiation is very close in wavelength to this thing we perceive as "light", so much so that our "lights" in our house used to give of more of this mythical technology thing called "infrared" than actual light we perceived at one stage.

      If you think this interference means Apple is lying, I'm calling you ignorant. If you want to fix your ignorance look into the long history of using and sensing infrared in various fields, the history of TV remotes, IrDA, and even Nintendo's

    • by AmiMoJo ( 196126 )

      Maybe it does work as they describe, but they had to turn down the % match limit to make it usable. People expect the phone to unlock quickly when they look at it, in all lighting conditions and from various angles. Although humans can't see IR, it is still there and able to interfere with the iPhone's weak IR projection.

      Say it measures the distance between your eyes. To do that it has to find the corners of your eyes, from various angles and various distances. The resolution of the sensor is limited so the

  • by Lisandro ( 799651 ) on Monday November 20, 2017 @06:23AM (#55585595)

    Tim Cook's claim that FaceID is 20x more accurate than TouchID was kinda ridiculous. It is a neat technology and from what i hear it works well, but it is impossible to have face recognition that doesn't trigger false positives with relative ease. Telling people there's a one in a million chance that FaceID will mistake someone else face with yours is irresponsible.

  • by houghi ( 78078 ) on Monday November 20, 2017 @06:44AM (#55585657)

    Apple officials said "You are holding it wrong, in this case in front of the wrong person."

  • There has been numerous articles like this now. Apple has already explained that Face ID stores info about a persons face once a successful PIN code is entered to keep up with the users appearance over time. So whats most likely happened again is that the parents give their phones to their kids to try, the Face ID scan first fails and when the parents then put in the correct PIN code the phone stores information about the kids face together with the parents until eventually it learns to accept the kids fac
    • So it's broken, but they've explained so it's okay?

      If I enter my pin code, it's just what it is. It doesn't magically transmogrify into allowing a different pin code. No explanation needed by vendor - it's pretty much 'a given'.

  • by BirdBrained ( 661622 ) on Monday November 20, 2017 @07:48AM (#55585847)
    If your kid can't unlock your iPhone X, maybe you should have a little chat with your wife.
  • At least the boy now knows, that the mailman ain't his father.

  • And his son just "thought it was hilarious."

    well, not only his son, i think it is hilarious as well.

  • by Bruinwar ( 1034968 ) <bruinwar@hotmail.3.14com minus pi> on Monday November 20, 2017 @08:31AM (#55586011)
    I got a new phone a couple months ago & I've still not got around to locking it. I don't have Android pay or whatever set up (these things will make you set up a password). So what? If I lose it or it gets stolen, I call the provider & get the service shut off. It's sure is convenient to use right now. Am I missing something here?
    • ...not so cool when you've used the browser to authenticate with Google, and you've logged in the facebook app, and you've connected up your email to the email app.

      If you're never going to do those things, then yeah, don't bother with the lock. In fact, sell your phone and buy one of those cheap Nokias, as it'll do 90% of what you use your smart phone for, but at a fraction of the cost.

      The point is, for calls and texts, yes, your provider can stop that service. For anything else, they can't do that for you,

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Really depends what you use it for. If you only ever make calls, then you're only risking your phone book. That might not seem like a big deal, but phoning up a mark's relatives pretending that there's some urgent crisis (broken down car in the middle of nowhere, been mugged in an unfamiliar city, had a serious accident and in hospital outside your network etc) and that they need to wire money/provide details/etc is very common scam.

      If you send or recieve messages, then you're risking your message history,

  • Missing the point (Score:5, Informative)

    by sjbe ( 173966 ) on Monday November 20, 2017 @08:38AM (#55586039)

    Think TouchID or FaceID like a lock on your front door. Yes it can be hacked and bypassed. Sometimes in ways you might not expect. It's low grade security. But that isn't the point. The point is to keep out the majority of less determined individuals out while being a reasonable balance between security and convenience for typical usage. If you want greater security there are features (passwords, etc) you can utilize to strengthen the system. Most of the time these are overkill but sometimes they are a very good idea. Anyone expecting TouchID or FaceID to provide iron clad security has incorrect ideas about what they are for and what their limitations are.

    • My mistake. I thought the point was so a cop could shove it in your face and have it unlock itself for him.

      • by sjbe ( 173966 )

        My mistake. I thought the point was so a cop could shove it in your face and have it unlock itself for him.

        Make the password required and it's a non-issue.

        • If you're going to make the password required anyway, why bother with this nonsense...so you can gaze longingly at Siri, and have her ask you for your password?

    • Anyone expecting TouchID or FaceID to provide iron clad security has incorrect ideas about what they are for and what their limitations are.

      Apple seems to do. ApplePay, for example, is authorized by FaceID by default.

    • you're missing the point, biometrics for secure access in 2017 is a farce yet it is touted as being sufficient to protect your payments, a nuke plant, etc.

      low grade security indeed, but high grade uses are made

  • I had more than 50,000 snaps of family members and friends and relatives because when the digital cameras came along I became a obsessed shutter bug. When Picassa debuted face recognition I saw it as a boon to organize my photo collection.

    Very quickly I discovered it confused mothers with daughters. When our turn to host the pot-luck comes around, our guests used to gather around, let Picassa lose on the collection and laugh and marvel at the same time about its confusion.

  • Did anyone really expect this to be more than a modern "keypad lock"?

    On my first phone, one could lock and unlock the keypad by pressing 0000. This was not security measure, just a way of preventing accidental phone calls.

    Face ID is just the modern "keypad lock", the right photo of the person will probably also unlock the phone.
  • Once again, biometrics showing that they are an almost empty shell.
    • Well, if you add 'currently practical' to that, yes.

      However, human faces are unique and very little is required for recognition - as long as the recognition engine is a human brain familiar with the subject. Eventually we should be able to mimic that with a computer algorithm.

      Using facial recognition on an iPhone at this point, though, was an ill-conceived marketing ploy. It's simply still too easy to fool.

  • Look at my phone. It Unlocked! You are the father!
  • "Which parent does little Ammar look more like?"


  • 10y old boy ... aka. Arya Stark?

Can anyone remember when the times were not hard, and money not scarce?