3D-printed head fools Android facial recognition

midian182

TechSpot Editor
Staff member

Forbes cybersecurity journalist Thomas Brewster commissioned a 3D printed model of his own head to test the facial recognition security feature on four Android handsets: LG G7 ThinQ, the Samsung Galaxy S9, the Samsung Galaxy Note 8, and the OnePlus 6.

Brewster managed to unlock all the Android phones, though he notes it was “with differing degrees of ease.”

Phones from LG and Samsung warned that using facial recognition wasn't the safest security method, advising users that anyone with a close resemblance might be able to unlock the devices. The G7 ThinQ was opened straight away, though the company has since updated the device to make it more difficult to unlock.

The Samsung phones were also fooled by the printed head. They took longer to open when the less secure “faster recognition” feature was disabled, requiring different lighting and angles.

The OnePlus 6 fared worst of all, offering no security warnings and opening instantly when shown the model.

One handset that wasn’t fooled was the iPhone X. This shouldn’t come as too much of a surprise—back when the firm first revealed the device last year, Apple said it had worked with Hollywood studios to create realistic masks to test the system. Additionally, Microsoft’s Windows Hello facial recognition couldn’t be tricked, either.

There are some caveats with the experiment. Brewster’s head was recreated by professionals in a dome-like studio containing 50 cameras. And all the Android makers advise using the fingerprint scanner for extra security, while the iPhone X, which doesn’t have one, has more advanced tech in its facial recognition system, such as IR depth matting and attention awareness.

Permalink to story.

 

OutlawCecil

TS Evangelist
Oh come on! This is not news. You printed a 3D life-like replica of the person's face. I'm sure if I drop my phone, I'm at risk of somebody unlocking it by simply creating an exact replica of my head and printing it out. Security alert! Shame on phone companies for not seeing this major flaw!
 

Kibaruk

TechSpot Paladin
Oh come on! This is not news. You printed a 3D life-like replica of the person's face. I'm sure if I drop my phone, I'm at risk of somebody unlocking it by simply creating an exact replica of my head and printing it out. Security alert! Shame on phone companies for not seeing this major flaw!
It's still worth noting that iPhones and Microsoft Hello devices weren't unlocked by a this is not news 3D life-like replica of the person's face.
 
  • Like
Reactions: Reehahs
S

senketsu

Oh come on! This is not news. You printed a 3D life-like replica of the person's face. I'm sure if I drop my phone, I'm at risk of somebody unlocking it by simply creating an exact replica of my head and printing it out. Security alert! Shame on phone companies for not seeing this major flaw!
my first thought when I read the article was the use of this by security agencies/police. If they have you and they have your phone and you don't want to unlock it.....
 

Ultraman1966

TS Booster
It is well known that standard android face unlock is not very secure (and it doesn't claim otherwise to this) and can sometimes be fooled by a photo. The iPhone has an infrared 3d face scanner which the Huawei Mate 20 Pro also possesses...that would be a fairer comparison.
 

Reachable

TS Evangelist
What if they had an artist paint his 3-D printed head in realistic colors? Would that fool the iPhone?

What about mimes and clowns? Can they still unlock their phones?

So many questions.
 

Nobina

TS Evangelist
I think the security we have in your smartphones like fingerprint scanner and face recognition are more than enough for average user. If you're worried about privacy don't forget that smartphone is your personal surveillance device and your government can probably unlock it either way since it's backdoored.
 

Fred753

Banned
I think it’s telling for my banking app allows me to unlock the app using Face ID for iOS devices but not with face authentication features on android devices. Apple put in the hard work to make it every bit as secure as Touch ID, if not while, while android smartphone OEMs simply crammed in said feature just to tick off a feature checkbox.

And people still go around conflating the two.