Almost every flagship Android phone today comes with facial recognition technology. Some of them are so weak that they could easily be tricked with just a photo of the phone’s owner. The Face ID technology on the iPhone X and 2018 iPhones has proven reliable and secure, but it’s not invincible. Forbes contributor Thomas Brewster used 3D printed heads to test how secure the facial recognition technology is on flagship Android phones as well as Apple’s iPhone X.
3D printed heads cost only about £300
Brewster found that all Android phones he tested could be tricked with 3D printed heads. But the iPhone X was “impenetrable.” Apple uses 3D depth sensing and attention awareness technology to enhance security, which helps explain why the 3D printed heads failed to unlock the iPhone X. But Face ID has been fooled by people with similar-looking faces (possibly twins) in the past. It’s still way better than any Android phone on the market. The latest iPhone XS, XS Max, and iPhone XR come with an improved version of Face ID.
Brewster got the artificial head 3D printed at Backface in Birmingham, UK. The company built a 3D model of his face using gypsum powder and then added coloring and touch-ups. It all cost him only a little more than £300. Then he registered his own face for facial recognition on the iPhone X, LG G7 ThinQ, Samsung Galaxy S9, Galaxy Note 8, and OnePlus 6.
Once the 3D printed head was ready, he held it up to each of the five devices to see if they would unlock. Unsurprisingly, the fake face was able to unlock all four Android phones, though it took more than one attempt on some. The iPhone X was not fooled even once.
LG says the facial recognition on the LG G7 ThinQ is a secondary method to unlock your device. The company also warns users that it is less secure than other methods such as PIN or fingerprint. So, users and the company both know it’s not highly secure. But LG recently updated its facial recognition via an over-the-air update, making it harder to fool.
Just like LG, Samsung warns its users that they shouldn’t rely only on facial recognition because it could be “unlocked by someone or something that looks like you.” But Brewster had to try different angles and lighting to trick the Galaxy S9 and Galaxy Note 8.
OnePlus doesn’t warn OnePlus 6 users about security risks, though it has said facial recognition is more about convenience than security. In Brewster’s test, the OnePlus 6 was the easiest to unlock with the fake 3D printed head. “It was, undoubtedly, the least secure of the devices we tested.”
Neither Apple’s iPhone X nor Microsoft’s Windows Hello facial recognition could be tricked with 3D printed heads. Before introducing Face ID, Apple had worked with Hollywood studios to create realistic masks to test the Face ID technology. Apple has a significant lead over its rivals because it has invested a lot of time and resources.
Android vendors lag far behind Apple, but they are trying to close the gap. Samsung, LG, Huawei, and others are investing heavily in 3D face recognition and iris scanning to make their devices more secure. But they still have a long way to go.
Password still better than biometrics?
Security experts recommend that people worried about the security of their devices use strong passwords or PINs instead of biometric methods. No matter how secure fingerprint sensors and facial recognition become, there is always the possibility that your biometrics could be copied.
Unlike the passcode, your biometrics are not protected under the Fifth Amendment. This means the police or federal agencies are prohibited from asking for your passcode, but they could force you to use your fingerprint or hold the phone to your face to unlock it. Hackers have no such regulations, meaning they could use any possible trick to get into your phone.
A lot of people in the tech community want passwords to become obsolete. Yes, it’s difficult to set up and remember strong passwords for dozens of different services. But a password could still protect your data from the law while your biometrics can’t, unless your password is one of the worst.
According to TechCrunch, it’s incredibly easy for the police to obtain your biometric data as you go about your everyday life. Facial recognition software and high-resolution cameras are almost everywhere, helping them identify you and obtain your biometric data.