Android smartphones failed the test, and manufacturers said that the function and should not provide security.
Forbes journalist Thomas Brewster decided to check the security of face recognition systems on various smartphones by printing a copy of his head on a 3D printer. Of the five smartphones from different manufacturers, only the iPhone X has passed the test.
Brewster made a copy of his head at Backface Studios in Birmingham. To do this, he was taken to a room where 50 cameras photographed the head of a journalist from different angles. Then all the pictures were glued together in one three-dimensional model.
The material for the copy of the head Brewster served as a plaster. After the “printout” model painted and eliminated minor flaws. The whole procedure cost the journalist £ 300 (about 25 thousand rubles).
Before the tests, Brewster trained the face recognition system of smartphones on himself. In addition to the iPhone, LG G7 ThinQ, Samsung Galaxy S9, Samsung Galaxy Note 8 and OnePlus 6 participated in the tests.
The journalist in turn brought a fake head to his smartphones to check whether they would take it as a real one. Android devices in all cases managed to unlock, although it was not always possible to do it the first time.
As Brewster noted, the security of all Android smartphones was different. For example, when you turn on the G7, LG warns users that it is better not to turn on facial recognition at all. The company explains that in this case, a person with a similar face can access the contents of the smartphone.
[perfectpullquote align=”full” bordertop=”false” cite=”” link=”” color=”” class=”” size=””]”Face recognition is a secondary unlocking method that makes your smartphone less secure.”[/perfectpullquote]
Brewster said that without any problems, he unlocked the G7 with a fake head. However, in the process of filming, the system received an update and it became more difficult to be deceived.
Similar to the LG warning appeared when the Galaxy S9 was activated. Samsung reports that when using face recognition, the phone can unlock “someone or something that looks like an owner.” The company urges to use the system only in conjunction with a password or PIN code. The journalist did not unlock the S9 from the first attempt: I had to try several angles and angles.
Samsung has added a “fast recognition” feature to the Galaxy Note 8, which is “less secure than slow”. However, Brewster was able to deceive both modes, although in the second case more effort had to be made: to try different lighting and angles.
In a conversation with Forbes, a Samsung spokesman explained that the face recognition feature is not designed to protect the device, but to simplify unlocking.
[perfectpullquote align=”full” bordertop=”false” cite=”” link=”” color=”” class=”” size=””]Face recognition is a convenient action for unlocking a smartphone – the same as swipe. We offer the highest level of biometric authentication through fingerprints and iris – to lock your smartphone and use Samsung Pay or Secure Folder.[/perfectpullquote]
According to Brewster, OnePlus 6 was the most insecure device with face recognition. The smartphone didn’t warn the user about the danger of using the system and was immediately unlocked with a fake head.
In a conversation with Forbes, a representative of OnePlus noted that the facial recognition system was created “for convenience.” The company noted that it has always recommended using a password or pin code, and face recognition does not work in secure applications, for example, when paying with a card.
According to Brewster, in the case of the iPhone X, it was “impossible” to unlock the smartphone with a fake head. The journalist came to the conclusion that all of Apple’s investment in technology paid off and the company worked with the Hollywood studio knowingly, testing the system in a similar way.
Brewster was also unable to trick technology from Microsoft. Windows Hello recognition system did not succumb to deception.
Although the iPhone has stood the test, Matthew Lewis, director of cyber security at NCC Group, advised users not to use face recognition. According to him, bettergo to the password with a combination of letters and numberssince biometric data can always be copied.