Cops, hackers and your mom can unlock your phone with a 3D printed model of your head
Flagships like the LG G7 ThinQ, OnePlus 6, and Samsung Galaxy S9 and Note 8 are susceptible.
The Android operating system has had support for facial recognition unlocks since before Lollipop came out in 2014, via Google’s Trusted Face feature. That nifty feature lets you unlock your phone by looking at it, in a similar function to Apple’s FaceID.
Trusted Face lets you take a bunch of photos of your face while training it to recognize your features.
Crucially, it no longer has a “Liveness” test. When the face unlock feature was introduced in 2011’s Android 4.0, Ice Cream Sandwich, it made the user blink once it recognized the face. That was a guard against unauthorized users unlocking your phone via photographs, models or while you were asleep.
Facial recognition can be tricked
Brewster used Backface, a 3D scanning, and printing company in Birmingham, UK, to get a lifelike replica of his own head to test the face unlock capabilities of a bunch of Android phones and one iPhone with FaceID.
50 cameras took photos of Thomas from every angle, those images were then stitched back together into a 3D image. Then the model gets 3D printed in colored gypsum, essentially making a plaster head.
So, which phones were fooled?
Here’s the kicker – all of the Android phones unlocked using the cloned head. The LG and OnePlus devices unlocked almost instantly when presented with the head. Samsung’s S9 and Note 8 both have iris scanning, which wasn’t fooled by the 3D printed eyes, but when using the non-iris version of face unlock, both were unlocked via the fake head.
Apple’s turn in the spotlight went completely differently, leaving the iPhone unlocked no matter what lighting or angles they tried. The iPhone X’s FaceID also uses a dot projector to test the 3D features of your face.
While testing the feature, Apple paid a Hollywood studio to make realistic masks to test with so it’s not terribly surprising that a fake head didn’t unlock it. Microsoft’s Hello functionality also wasn’t fooled.
If you still want to use facial recognition on your Android handset for easy unlocks, that’s down to you. Just don’t treat it as secure – it’s closer to “swipe to unlock.”
- Here’s how to use the new eSim feature on the iPhone XR and XS
- Apple Music is killing off the Connect feature you probably never used
- New rumors floating around point to a Samsung Galaxy S10 release date
- Google Photos will no longer offer unlimited storage on certain video formats