10-Year-Old Boy Cracks the Face ID On Both Parents' IPhone X (wired.com) 37

Posted by EditorDavid from the I-see-what-you-did-there dept.
An anonymous reader writes: A 10-year-old boy discovered he could unlock his father's phone just by looking at it. And his mother's phone too. Both parents had just purchased a new $999 iPhone X, and apparently its Face ID couldn't tell his face from theirs. The unlocking happened immediately after the mother told the son that "There's no way you're getting access to this phone."

Experiments suggest the iPhone X was confused by the indoor/nighttime lighting when the couple first registered their faces. Apple's only response was to point to their support page, which states that "the statistical probability is different...among children under the age of 13, because their distinct facial features may not have fully developed. If you're concerned about this, we recommend using a passcode to authenticate." The boy's father is now offering this advice to other parents. "You should probably try it with every member of your family and see who can access it."

And his son just "thought it was hilarious."

  • Sounds like excuses (Score:1)

    by Anonymous Coward

    You're looking at the phone wrong, etc., etc., etc........

  • I wonder, can monozygotic twins unlock each other's phones? That would be even more hilarious.

  • ... and on the front too, not the back.

    I.e. you need to give people an option for no security, passcode, fingerprint or FaceID and let them decide on what balance of security and convenience they want.

    Right now it seems like the industry is either putting fingerprint scanners on the back or omitting them entirely. It's another example of a useful feature being omitted for mostly aesthetic reasons - i.e. bezel-less displays. Of course it saves on component cost too.

    • I can't get on with fingerprint scanners on the front. The back is where my finger naturally lands as I put my hand in my pocket to get my phone out.

      The front feels clunky and means I have to use two hands to unlock my phone.

  • The son is correct... (Score:2, Informative)

    by Anonymous Coward

    It IS hilarious. It's legitimately an odd way to authenticate anyway, and less secure than fingerprints, and way less secure than constantly typing annoying passphrases. It should be no surprise that there's endless ways to fool it.

  • Kids as skeleton keys, that would be so funny if it weren't the security desaster it actually is. What remains to be shown now is that a random group of, say, 10 children with no relation to an iPhonX (previous...) owner has a more than 10% chance of unlocking Face ID.
  • That's scary, that puts your children at risk at being kidnapped or being brought in by aggressive authorities in an attempt to get access to your device. Parents should rather avoid using this feature altogether.

    • It also gives your child full access to your ApplePay account. which by default only requires FaceID to authenticate.

  • Biometrics are not passwords (Score:4, Insightful)

    by bradley13 ( 1118935 ) on Monday November 20, 2017 @04:19AM (#55585427) Homepage

    Biometrics are user-ids, not passwords.

    There are three aspects to security: something you are, something you know, something you have. Implement two for rudimentary security, implement all three for good security.

    - Something you are: User ID, biometrics, or some other public information that serves to identify the person.

    - Something you know: Typically a password, used to prove the identity

    - Something you have: Second factor, used to prove that the password and identity were not stolen.

    Face-ID and fingerprints are insecure and easily fooled.

  • You're not really supposed to "unlock" an iPhoneX. The way FaceID is supposed to work, you pick it up from somewhere and when you instinctively look at the screen, it performs its magic and it's ready, no need to put the right finger on a sensor in the right way, or click on anything. After some time, you're probably going to forget it's actually authenticating you. Unfortunately, while in theory quite convenient, this has several drawbacks in terms of security and usability; it's not really a step forward

  • Between this, the debacle of iOS 11 and the fact that the Mac lines have been languishing under him, it's clear they need to get rid of him.

    And no, replacing him with the woman who runs the retail side is not good for the company no matter how good her number is or how desperately they want to put a woman in charge of the richest company in the world.

    At this point, they need a Satya Nadella who can actually get in there, balance both product lines, come up with new ones and reacquire alienated Mac users who

  • Just shows how crap face-id really is, and it also shows how Apple has tested this feature... like not..

