This 10-year-old was able to unlock his mom’s iPhone using Face ID

[Daljeet]

Since the iPhone X has hit the market, people have been trying all sorts of ways to trick the phone’s Face ID feature, including this creepy, cobbled-together mask. While Apple has admitted that false positives can happen, it was thought this could only happen with twins, or siblings under the age of 13. However, a new video has popped up showing a 10-year-old unlocking his mother’s iPhone, suggesting that any family members who bear enough resemblance might be able to bypass the system.
In the video, the mother explains that despite setting up Face ID for her face, her son is able to unlock the phone using his face. A Wired report on the video notes that the son was able to do this upon picking up the phone for the first time. The son was also able to unlock his father’s phone, but only in one instance.

After the mother reregistered her face under different lighting, her son was no longer able to unlock her phone. She reregistered a third time in dimmer lighting to replicate her initial registration, and then, her son was able to unlock the phone again.

Although Apple says Face ID is more secure than Touch ID, this raises questions about the possibility of false positives not only happening with twins and siblings around the same age, but with people of different sexes and significantly different ages. It is possible that the son’s age played a role as Apple has said that the “undeveloped facial features” in those under the age of 13 could cause issues with Face ID.

We’ve reached out to Apple for comment and will update with a response.

 

[frogboy]

Yikes that is not good at all.

 

[Danielx64]

Well, I think it about time that Apple look at what data centers use for bio auth.....

 

[Daljeet]

Mom and son face is matching, and that's why son able to bypass face. Recently I heard someone design a mask to bypass faced but now similar faces can also.
We forget one thing how faceid works there are algo's which calculate face and nose eyes and mouth distance. If two peoples have similar face then they can bypass faceid.

 

[mlnevese]

That's why Samsung always advise against using face recognition on their phones. Try to activate it on an S8, for instance, and you'll see the warning.

 

[Durden]

I have a theory that apple provides all this Face ID data to the Many-Faced God, you know since Arya stole a bunch of them faces XD

 

[Danielx64]

Decided to look on youtube and I see this:

 

[ForgottenSeer 55474]

Hey, after this I am very happy with my iPhone 6 Plus & 7 plus, fingerprint scanner is safe in my opinion

 

[NikolayfromRussia]

Ha, ha, ha..... The ,,red price,, (in Russian we say ,,red price,, to determine a maximum price) is $ 400 but not $1200 as offered in Amazon. I don't know how much it us in US at apple stores but it is too overrated and not worth the cost. Sorry but it is my opinion.

 

[In2an3_PpG]

So Apple seems to know that the facial recognition feature does have problems, so why go through with making it your main security feature for your prized flagship?

 

[Deleted member 65228]

A normal, good password will always be better for security IMO. A good password will be hard to crack due to use of numbers, not using characters in a straight line and even in some cases, a combination of both lower-case and upper-case... With at least 8-10+ characters.

Face ID identification is flawed because of the establishments demonstrated in the video posted in this thread, as well as the information mentioned by another member @daljeet. He is correct IMO, the algorithms likely work like this and therefore can be exploited with masks or similar face (e.g. your children, parents, etc. -> potentially but possible as we can already see).

Finger print identification is flawed because it isn't impossible to steal someone elses finger prints. If someone shakes your hand, or touches something which you later use for analysis, you can extract their print onto something else and then use the item which now has a copy of their prints to bypass finger print identification. In the real word, professional criminals may actually steal someone else's prints and overlay them onto their own gloves, to fool forensics into believing someone else was responsible for something when they weren't (push them off the right direction). The same method can be used to bypass finger print identification. It doesn't take a genius to do it, even in science lessons in... school maybe, you may learn a bit about fingerprints in a practical lesson, who knows.

IMO a good strong password will always be the best primary option. Due to the time it can take to crack them. Someone can attempt to brute-force with common passwords or new calculated passwords looping through random combinations, but you can enable Two-Factor Authentication (2FA) to require phone and/or e-mail consent. Some services will auto-lock your account after X amount of incorrect guesses until further validation, helping to prevent brute-force attacks from being successful in any timely fashion, even if the password is quite weak and would not take as much time to guess through brute-force password cracking tools.

If you don't re-use the same password, if a service becomes compromised, it can be harder to attack you further past the scope of that service. For example, if you use the same password on a service which is attacked and has their network breached and passwords are stolen but the encryption is eventually broken, the attacker could then potentially hijack your other accounts by signing into your e-mail using the credentials (same password being used). However, if you use a different password for different services, then you are even tougher to target.

Therefore, if you want to use Face ID or finger print authentication, combine it with an after password if possible. That way you will be much more secure IMO.