Several popular Android phones utilizing facial recognition technology can be broken into with nothing more than a 3D-printed head.
In an attempt to gauge the effectiveness of phones that rely on a user’s face to unlock, Thomas Brewster, cybersecurity reporter for Forbes, had his own likeness digitally recreated and tested against five leading smartphones.
Brewster first visited a company in the U.K. and paid roughly about $380 to have a system of 50 cameras meticulously capture his facial features. The images were then fed into a program known as “Backface,” which works alongside a 3D printer to build a replica of one’s head with “layers of a British gypsum powder.”
After registering his actual face to an LG G7 ThinQ, a Samsung S9, a Samsung Note 8, a OnePlus 6, and an iPhone X, Brewster tested the reliability of each phone’s security.
While some phones were easier to defeat than others, requiring the 3D-printed head to be placed at specific angels with different lighting, only the security of one phone was robust enough not to be fooled.
Brewster notes that G7, which opened immediately when shown the bust, warned users during the setup phase not to rely solely on face recognition.
The S9 issued a similar warning on startup, specifically noting: “Your phone could be unlocked by someone or something that looks like you.”
The Note 8, which offers both a normal and a less secure “faster recognition” mode, was also defeated by the 3D-printed head.
The only phone not to offer a security warning about the limits of facial recognition, the OnePlus 6, was “undoubtedly, the least secure of the devices,” Brewster said.
The iPhone X, the most expensive of the phones tested, was unsurprisingly the only device to deny the fake face access.
“Apple’s investment in its tech—which saw the company work with a Hollywood studio to create realistic masks to test Face ID—has clearly paid off,” Brewster wrote.
While the vast majority of cell phone owners at present are unlikely to face such an attack, users concerned about security should rely on a strong alphanumeric passcode to protect their devices.
- The best keyboard emoji for Android
- How to get a Google Voice number
- Google’s Project Fi is the best cellphone plan you’re not using