Two friends beat Apple’s million-to-one odds as both can unlock the same iPhone X using Face ID

“Two friends have beat million-to-one odds to crack the facial recognition on the iPhone X – after discovering it accepted both their faces,” Shivali Best reports for The Mirror. “Joe Clayton, 23, was shocked when best pal Brad Butcher, 22, unlocked Apple’s most expensive phone just by looking at it.”

“The construction site manager had set up the gadget so only his face appearing in front of the camera would unlock the phone,” Best reports. “But the phone will also give Ben access – and therefore make contactless payments – despite Apple claiming the chances of a mix up are one in a million.”

Clayton and Butcher “have distinctly different shaped faces, noses and mouths. The discovery casts doubt on the security claims of the phone and Apple’s ‘million to one’ claims,” Best reports. “”

pple say the probability of a random person unlocking an iPhone X with facial ID is one in a million - less than their 'fingerprint' technology (Image: SWNS.com)
Apple says the probability of a random person unlocking an iPhone X with Face ID is one in a million (Image: SWNS.com)

 
Read more in the full article here.

MacDailyNews Take: Well, they do look somewhat similar, but not so similar that they should be able to fool face ID.

We bet that if Clayton rescanned his face (Settings > Face ID & Passcode > Reset Face ID), Butcher would not be able to unlock Clayton’s iPhone X.

In fact, if you’re having problems with your iPhone X unlocking via Face ID, reset it. It’ll likely work better for you, too.

66 Comments

      1. No we don’t. I do CT/MRI for a living and can tell you we are all very different- from the bones inside out.
        Most people have asymmetric faces which is where the whole “get my good side” comes from. Also, the more symmetric a persons face is, the more likely they are considered attractive.
        Here is an example:

  1. I don’t buy this for one second, I have a brother and we look very similar to the point of the same eyes and nose. Not identical twins mind you, but we do get mistaken for each other quite a bit. He can not unlock my iPhone X, and I can’t unlock his. I have feeling that this was set up deliberately and under normal conditions it wouldn’t work, I call bullshit.

    1. My thought is that perhaps they did this:
      -set up faceID with owner only.
      -friend attempts to unlock, gets denied.
      -friend inputs correct passcode, faceID incorporates new facial data.

      Isn’t that what MDN says happens? If FaceID fails, and you input passcode it prompts FaceID to adjust?

        1. an implementation flaw. It’s a guy setting up Face ID by teaching it about his face AND his friend’s face at the same time. If you use Face ID normally it works as advertised. This is a scam set up. Don’t be fooled by it.

            1. dense aren’t you? This is a dumb trick to get media attention. You’re so desperate to hate Apple that you latch onto any negative story and get fooled so easily.

            2. saying Apple needs to fix the ability to have multiple different people’s fingerprints for Touch ID, or Apple needs to fix that covering your phone’s antenna causes the signal to drop, or Apple needs to fix that throwing your iPhone against a concrete wall breaks the screen. There’s only so much stupid Apple can fix or be held accountable for. If you’re going to purposefully set up Face ID incorrectly and stupidly, that’s on you, not Apple.

            3. registering each of their faces. It is one face being set up incorrectly. By setting it up incorrectly you are giving Face ID bad data. Bad data in = bad data out. How would you suggest Apple fix the problem of people being stupid and not following basic instructions when setting up Face ID? Hint: if you say it isn’t your problem that means you don’t know.

              Next you’ll tell me if I put my iPhone in the microwave that’s a severe implementation flaw and Apple should have thought of people wanting to microwave their phones to keep them warm in the winter.

              What happened to personal responsibility? I drove over a bunch of nails and got a flat tire! How dare the car company not think of this scenario, what a severe implementation flaw!

            4. ” It is one face being set up incorrectly. By setting it up incorrectly”

              Should not be possible, should “just work”.

              “What happened to personal responsibility?”

              Apple took that away a long time ago when they decided to be the IT department. Can’t have it both ways. If the user is not free to fully configure, they are absolved of configuration responsibilities.

            5. you have no ideas about what Apple should do differently, you just don’t like whatever Apple does. By your logic then anything stupid that users do is Apple’s fault. That’s troll logic. Glad you admitted you don’t believe in personal responsibility.

            6. solution or admit you don’t have a clue.

              “I ignored your solution. It suck worse.”

              Ya, I’m sure you have a solution, not. It suck worse? You good English talk.

            7. I don’t have to do anything. Did I tell Apple to make claims that they or you can’t uphold? It shouldn’t be possible to re-register a second face as the same person. If they are as good as they claim, it should “just work”.

            8. “I don’t have to do anything.”

              That’s because you have nothing to offer so you can’t do anything.

              “It shouldn’t be possible to re-register a second face as the same person.”

              This is Face ID gathering and incorporating new data for a single face registration, and if you give it bad data you’ll get a bad result. No reasonable person is going to set up Face ID in this way. It would be stupid to hobble Face ID just to deal with a situation that no reasonable person would be in. This is also probably a very odd situation where two people happen to have very similar bone structure and set up Face ID incorrectly, on purpose. This isn’t a problem that needs a solution. I can see ways this could be dealt with in a software update, but it isn’t a real world problem. It’s a made up problem to grab headlines. We saw a lot of the same kinds of headlines when Touch ID first came out. I bet you were crying about Touch ID too.

              Face ID works great and it will only get better. You’re seriously upset by this. Your envy is showing. Oops.

            9. A more serious answer is… Apple overstated Face ID’s capabilities. You shouldn’t have to re-register your face, and if you do it should wipe out ALL previous face registration and put you through a more stringent new registration. More angle’s more inputs with all pairs of glasses, ONCE. Schmuck! I’ll send you my bill, you pay for Apple.

            10. dumb Face ID down then. Great idea (sarcasm).

              “Apple overstated Face ID’s capabilities. You shouldn’t have to re-register your face, and if you do it should wipe out ALL previous face registration and put you through a more stringent new registration. More angle’s more inputs with all pairs of glasses, ONCE.”

              You don’t re-register your face with Face ID. Wiping out all previous face data is an incredibly stupid suggestion. Face ID continues to gather data and learns as you change, that’s why it works so well. That does mean (unless these two jokers did some other fakery) that if you set up Face ID incorrectly right from the start you’ll get a poor result. However, continuous learning is the right way for Face ID to work. It keeps learning and incorporating new data. That isn’t re-registering your face. It’s an intelligent system that continues to learn. You want to turn that off. Very dumb idea.

              With your method I would have to, all in one session mind you, wear every possible combination of face wear I might ever own, grow a beard and all possible combinations of facial hair, think of every possible angle and variation where my face might change. I have to do this all at once according to you. Or, Apple could design an intelligent system that learns as you change and I don’t have to do any extra work. I wonder which method is a better idea? Hint: not your dumb idea. That’s honing in on Trump-level dumb.

            11. understand how Face ID works.

              “It should NOT be possible to re-register a face without wiping out the previous one.”

              Hint: This is not how it works. Maybe you’re used to Windows-land or Android-land where dumber systems are the norm. Face ID is NOT constantly re-registering your face, it’s learning as you change, adding data.

            12. I said. Is English your second language? That would explain a lot.

              “YOU told me the second face was registered using a passcode.”

              I did not. You misunderstood because you must be used to the dumb systems on Windows and Android. You keep misunderstanding that Face ID is registering two faces. That isn’t what is happening. Face ID is incorporating new authorized data about a single face because the user is telling Face ID all this data is a single face. This goes back to bad data in = bad data out.

              I hope you understand how stupid your suggested solutions are though. Like, Trump-level dumb.

            13. ” It’s a guy setting up Face ID by teaching it about his face AND his friend’s face at the same time.”
              You said that.

              Now look what I found…why am I doing your homework for you? Perhaps because you’re a delusional moron rooting for your team?

              https://mashable.com/2017/10/31/apple-iphone-x-one-face-for-face-id/#vLTYDpt3eOq9

              From within…
              “iPhone X can only register one face, but there’s a good reason” then this…

              “It takes just a few moments to initially register your face, but I discovered there is no option for registering another person. Your only choice is to delete your face and register someone else’s. Though there is no good reason to do that. ”

              Oh shit! Apple is already doing what I suggested! The horror!

              Masturbation, mental or otherwise is a private activity. Get a room!
              Now that we’ve determined that you’re a jack ass, kiss off.

            14. ” It’s a guy setting up Face ID by teaching it about his face AND his friend’s face at the same time.”
              You said that.”

              Yes I did. This is not registering a second face using a passcode, which is what you claimed I said.

              “YOU told me the second face was registered using a passcode.”

              Apple is not doing what you suggested, because what you suggested is stupid. You said “and put you through a more stringent new registration. More angle’s more inputs with all pairs of glasses, ONCE.” (by the way, your dumb suggestion means I have to grow a beard and make that part of the one time registration process in case I ever grow a beard. Oh, and I have to know in advance all the glasses I’m ever going to wear).

              Apple IS doing what I said, Face ID is continually gathering data about the single registered face. That you linked to an article proving only one face can be registered PROVES what I was saying. How dense are you?

            15. where you keep misunderstanding how Face ID works. You don’t just register your face once and that’s it. Face ID uses on board machine learning to update the math or data it uses to recognize your changing face, from different expressions (squinting, resting your hands on your face, etc), to facial hair, to make up, to glasses, hats, scarves, even injuries. Face ID uses both successful unlocks and unsuccessful unlocks (when followed by a correct passcode) and it keeps learning about your face. You seem stuck on this notion that Face ID has a single one time registration process. That is not how it works. It’s an intelligent learning system that continually augments the data about your face. That is why if you give Face ID bad data right at the start, you’ll get poor results. However, no reasonable person is going to set up Face ID by authorizing it to recognize wrong data. It’s a dumb trick. It’s much better to leave Face ID as an intelligent learning system that can recognize your changing face than your idea of dumbing it down to a single one time registration process just to deal with a situation no reasonable person will ever encounter.

            16. and will keep replying.

              “intentinally ignored…”

              Not so much pathetic troll. Learn how Face ID works and I might take you seriously. Do you ever wonder why hardly anyone ever replies to you on MDN?

            17. You are speaking out of both ends of your rectum. It was I that said re-registering a face should wipe all previous registration. And indeed that’s what Apple does. You erroneously say no.

              Before that, I say you should not be able to register another face with a passcode, which on one hand you say yes, on the othe ryou say no. AN erroneous face accepted by passcode IS another face. Schmuck!

              It doesn’t bother me that we disagree, you have no credibility.

            18. and misunderstanding how Face ID works.

              “It was I that said re-registering a face should wipe all previous registration. And indeed that’s what Apple does. You erroneously say no.”

              Learn to read, that’s not what I said. You’re misunderstanding it that way but it isn’t what I said. I explained very simply how Face ID works and you can’t seem to grasp it.

              “Before that, I say you should not be able to register another face with a passcode, which on one hand you say yes, on the othe ryou say no.”

              Learn to read again. You keep misunderstanding that it is a second face. It is not. It is gathering data on a single face, and you are telling the system the data is for the single authorized face. You are giving the system bad data. It is not, however, an erroneous face. It is authorized data.

              These are simple concepts to understand.

            19. “You don’t re-register your face with Face ID. Wiping out all previous face data is an incredibly stupid suggestion.”

              Yet re-registering, correctly, does just that. Is Apple stupid? If FaceID can’t properly recognize you, it should accept the passcode to let you in, but NOT add that face to it’s learning data. Even if these guys tried to rig it, they should not be able to. If you grow a beard, you should enter further training as a separate double validated step, not passively.

              “You keep misunderstanding that it is a second face. It is not. It is gathering data on a single face and you are telling the system the data is for a single authorized face”.

              I can see why your feeble mind would think that. An unrecognized face IS a second face to the machine, whether it’s the same person or not. This should NOT be adding the data based on passcode alone. It should just let you in and IGNORE the face it just saw. Otherwise it’s like registering OTHER FACES. Machines do not have consciousness. This is just image analysis and pattern recognition.

            20. I guess. Either that or you hate Apple so much you are blind.

              “An unrecognized face IS a second face to the machine, whether it’s the same person or not. This should NOT be adding the data based on passcode alone. It should just let you in and IGNORE the face it just saw.”

              It isn’t an unrecognized face, it is an authorized face. Face ID does add that data in order to learn your face. It knows when you’re giving it your attention and trying to unlock the phone and it knows when you are authorizing it. This is in part how Face ID seamlessly learns so you don’t have to keep registering your face every time you grow a beard, wear heavy make up, get new glasses, wear a scarf.

              After reading through the technical information I would bet that this trick could only be accomplished very near the beginning of the set up and learning process. Meaning you have to be an idiot and set it up incorrectly on purpose. Do you want Apple to assume you’re an idiot and design everything with that goal? Did you just admit that you’re an idiot? I think you did.

              “If you grow a beard, you should enter further training as a separate double validated step, not passively.”

              Oooookaaaay Mr. Trump. What a dumb idea. Let’s make everyone go through a double validated step instead of the system just learning how your face changes automatically. We’ll implement this dumb idea just to deal with a situation no reasonable person will ever be in.

              You should run for President. Or apply for a cabinet position. You’ll fit right in.

            21. “It isn’t an unrecognized face, it is an authorized face.” That is a failing. That is how you allege these two guys did it. It should not be possible. Training should ONLY happen under controlled conditions.

            22. dumb as ever.

              “That is how you allege these two guys did it. It should not be possible. Training should ONLY happen under controlled conditions.”

              I said that I doubt it is possible at any time other than right at the start when setting up Face ID. Once Face ID learns too much this trick would not work. I’m confident in my understanding of the technical details.

              Face ID uses machine learning to continually train itself and this is much smarter than your idea of training happening only in controlled conditions which means doing it manually. That’s dumb and it isn’t necessary.

              I understand what you are saying. You want Face ID to require dedicated manual training sessions each time your appearance changes. Grow a beard. Sit down and do some training with Face ID. Shave a beard. Sit down and do some more training. Get a black eye. More training. Wear heavy make up. More training. Switch glasses. More training.

              That’s dumb. Face ID can learn as you use it. If that means you can do this trick right at the beginning of the set up process who cares? Nobody is going to set up Face ID like that by intentionally giving it bad data. It isn’t a problem that needs a solution. You’re just trying to find fault in anything Apple does. You are the most desperate troll I have ever encountered.

        2. “It’s not my problem to fix”

          That’s an admission that you don’t know. The solution is simple. Make Face ID less flexible with learning how your face changes, recognizing you with sunglasses on, scarfs, facial hair, etc. You take away much of the ability of Face ID to learn and incorporate new face data and the issue should be solved. Should Apple do this just to cover off a situation no reasonable person is going to be in? These guys did this on purpose as a trick and fooled you. No reasonable person is going to set up Face ID in this way. You calling this a severe implementation flaw is as dumb as saying the screen breaking if you throw your phone against a concrete wall is a severe implementation flaw. I know you don’t believe in personal responsibility but people do have to take some basic measure of responsibility to use their stuff in a reasonable manner.

  2. The “one in a million” comes up more often than one tends to think.

    10 years ago, living in Japan, my wife and I were invited to visit an acquaintance. I parked next to their car (both Toyotas). When I locked my car with the fob, their car made a noise. I unlocked mine and theirs unlocked also. I locked mine again and their’s locked. The acquaintance was standing there totally surprised and amused too!

    A one in a million in a 7.5 billion world is not too rare.

    1. The same thing happened a couple of years ago in Vancouver BC where identical looking Mazda’s parked a few cars apart from the parking lot also had identical remote key frequencies and codes. Only when one of the owners opened their trunk and found somebody else’s stuff in there did they realize they drove home in somebody else’s car.

    2. Ah, see, but the point is, it’s rare ENOUGH 🙂

      Actually, for me 1 in 300 would be enough as long as I never come into contact with 300 other people I’d ever let near my phone. Currently, the folks near my phone = 0. If you steal my phone and find someone that looks like me… well, I’d feel sorry for the fellow to be stuck with MY ugly mug (or an ugly mug even closely approximating my mug) Whatever value he can get from that face… from the guy that pays him to unlock the phone… I figure he’s worth it.

  3. I’m sure Face ID will get better, but right now it fails to simply work somewhat often prompting the pass code, Way more than the finger Id does.. which is a slight pain in the ass. its a lot of tech to avoid a button.

    It’s like the old NASA days, NASA spent millions designing a pen that worked in ZERO Gravity….
    The Russians used a Pencil.

    It’ll get better.

    1. A Pencil… with the microscopic graphite shards such a device would release. Free-floating in your personal space. To find their way into who-knows-where. And that’s BEFORE you attempt to sharpen it (as pencils are sometimes apt to need) Sometimes, common sense applied to an uncommon location doesn’t QUITE line up)

      And all that is BEFORE you actually realize that Fisher spent the money on research and development of the pen that NASA tested and, once they found it passed expectations, they bought them for a decent price. Especially since astronauts REAALLY didn’t want to use something flammable after, you know, flammable death! CAPITALISM at it’s finest 🙂

    2. I agree with you that Face ID will get better just as Touch ID did over time. I do have to correct you on one thing, though.

      The “NASA spent $1m dollars on a pen” story is not true. At the start of the space race both the USSR and the US used pencils. Seeing as it was a fire hazard in the pure oxygen atmosphere of the capsule a private company, Fisher Pen Co., spent there own money to develop the “Space Pen” without NASA’s knowledge and then sold it to them. Both Russia and the US use the pen today.

      https://www.snopes.com/business/genius/spacepen.asp

      1. I think that pencil vs. space pen story, while originally thought to be true, then to be a meme/hoax, eventually morphed into a metaphor for the US vs. Russian approach to technological solutions.

        MiG 29, when it appeared, has been considered as a capable adversary to F-16 and F-18, with its agility giving it a distinct edge in close combat. Technologically, it is remarkable how much simpler it is. For most regular maintenance work, a MiG 29 can be serviced with its standard tool set, on the most remote airfields in the Siberian tundra. It can take off and land from unimproved landing strips, if necessary… For any of the US-made fighter aircraft, you need a full complement of diagnostics gear and engineers even for fairly simple maintenance tasks.

        USA has a history of successfully resolving technological challenges by throwing massive amounts of money at them. USSR had no such luxury, and the challenges were the same, so they had to address them in other ways. One has to admire a lot of those low-budget solutions.

  4. The same thing happened a couple of years ago in Vancouver BC where identical looking Mazda’s parked a few cars apart from the parking lot also had identical remote key frequencies and codes. Only when one of the owners opened their trunk and found somebody else’s stuff in there did they realize they drove home in somebody else’s car.

  5. I still say apples original intent was to have Face ID alongside ‘in screen’ fingerprint scanning. MDN can bleat all it wants but in many cases a discreet finger press is more appropriate. A future iPhone will incorporate both. Face ID is amazing for some future possibilities but should have launched alongside a scanner.

  6. I call bullshit. Assuming there are 6 billion people on the planet, that implies there is 1 in a million chance or, basically 6,000 people that *might* be able to unlock my iPhone. Now what’s the odds of me knowing or finding one of those 6000 people? Not very likely. And what’s the chance that one of them is already my friend? Much lower. Possible but highly, highly unlikely.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.