Cops, hackers and your mom can unlock your phone with a 3D printed model of your head
Flagships like the LG G7 ThinQ, OnePlus 6, and Samsung Galaxy S9 and Note 8 are susceptible.
The Android operating system has had support for facial recognition unlocks since before Lollipop came out in 2014, via Google’s Trusted Face feature. That nifty feature lets you unlock your phone by looking at it, in a similar function to Apple’s FaceID.
Trusted Face lets you take a bunch of photos of your face while training it to recognize your features.
Crucially, it no longer has a “Liveness” test. When the face unlock feature was introduced in 2011’s Android 4.0, Ice Cream Sandwich, it made the user blink once it recognized the face. That was a guard against unauthorized users unlocking your phone via photographs, models or while you were asleep.
Facial recognition can be tricked
The feature has never been secure, with black and white photos fooling the camera, selfies, this hilarious way of fooling the Blink Test, and this new method used by Thomas Brewster of Forbes.
Brewster used Backface, a 3D scanning, and printing company in Birmingham, UK, to get a lifelike replica of his own head to test the face unlock capabilities of a bunch of Android phones and one iPhone with FaceID.
50 cameras took photos of Thomas from every angle, those images were then stitched back together into a 3D image. Then the model gets 3D printed in colored gypsum, essentially making a plaster head.
He then took that plaster head to try and break into five smartphones, an iPhone X and four Android devices: an LG G7 ThinQ, a Samsung S9, a Samsung Note 8 and a OnePlus 6.
So, which phones were fooled?
Here’s the kicker – all of the Android phones unlocked using the cloned head. The LG and OnePlus devices unlocked almost instantly when presented with the head. Samsung’s S9 and Note 8 both have iris scanning, which wasn’t fooled by the 3D printed eyes, but when using the non-iris version of face unlock, both were unlocked via the fake head.
Apple’s turn in the spotlight went completely differently, leaving the iPhone unlocked no matter what lighting or angles they tried. The iPhone X’s FaceID also uses a dot projector to test the 3D features of your face.
While testing the feature, Apple paid a Hollywood studio to make realistic masks to test with so it’s not terribly surprising that a fake head didn’t unlock it. Microsoft’s Hello functionality also wasn’t fooled.
If you still want to use facial recognition on your Android handset for easy unlocks, that’s down to you. Just don’t treat it as secure – it’s closer to “swipe to unlock.”
Do you use facial recognition? Do you consider it safe? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.
- Here’s how to use the new eSim feature on the iPhone XR and XS
- Apple Music is killing off the Connect feature you probably never used
- New rumors floating around point to a Samsung Galaxy S10 release date
- Google Photos will no longer offer unlimited storage on certain video formats