Facial recognition has been lauded as the future of security, but as a simple experiment from Forbes cybersecurity journalist Thomas Brewster showed, it is quite easy to break into a bunch of Android phones using the feature.
Brewster decided to test four Android phones and an iPhone with a 3D-printed likeness of his face. When he conducted the experiment, he realized that he could break into all the phones with the exception of the iPhone. While it is another feather in iPhone’s cap and once again highlights the superior quality of Apple’s software security, the results do not bode well for Google’s operating system.
Brewster first went to Backface in Birmingham, U.K., which specializes in printing 3D models. After being photographed simultaneously by nearly 50 cameras, his images were then uploaded into an editing software, which removed errors. Within a few days, a 3D model of his face was created using gypsum powder.
To conduct his tests, Brewster used four Andriod phones — LG G7 ThinQ, a Samsung S9, a Samsung Note 8 and a OnePlus 6 — as well as an iPhone X. All the phones were locked using Brewster’s real face. He then used the printed model of his face to try and unlock them. All android phones got unlocked, although as Brewster noted, “with differing degrees of ease”.
New – We had a 3D model of my head made to break into a bunch of Android phones using facial recognition: https://t.co/i50s8Y0sSO
Neither Apple nor Microsoft tech was fooled by the fake…
— Thomas Brewster (@iblametom) December 13, 2018
The LG and Samsung phones both warned Brewster that locking the phone using one’s face was not the most secure option, saying that someone who looked similar could also unlock the phone. There is a “faster recognition” option on Note 8, which reportedly makes using the feature more convenient, but less secure. Brewster noted that both LG and Samsung Note 8 phones were more difficult to break into when the slower facial recognition feature was used, but they were far from impenetrable.
As for OnePlus 6, it was the least secure phone of all. Not only did it not give a warning about its facial recognition feature, but Brewster also noted that it was the easiest to break into using his 3D printed face.
But Brewster could not unlock the iPhone X despite multiple attempts. The company’s much-advertised attempts at making its facial recognition feature more secure, which reportedly saw the company work with a Hollywood studio to create realistic masks to test Face ID, has clearly done wonders for Apple.
Brewster ultimately tested Microsoft Hello, which was also impossible to break into using his 3D printed likeness.
What the test has taught us, apart from showing that Android has a lot to catching up to do as far as its facial recognition feature is concerned, is also show us that facial recognition is less secure overall, and must be avoided as much as possible.