A 3D printed plaster head has fooled the facial recognition of four popular Android phones, a situation that worries specialists.
Forbes journalist Thomas Brewster himself performed these tests using a plaster replica of his face that he had custom made. Facial recognition of tested Android phones could be circumvented by this hoax, but not that of iPhone X, Apple, or that of Microsoft software.
These findings are of concern to cybersecurity experts, who are interviewed by Forbes and Techcrunch, who recommend that you stop using facial recognition to secure devices or use them in combination with a password or secret digital code.
LG better than Samsung and OnePlus
The $500 head-to-head failed the protection of four of the most popular Android devices: the Samsung Galaxy S9, the Samsung Galaxy Note8, the LG G7 ThinQ and the OnePlus 6.
Of all these phones, the OnePlus 6 was the least effective, unlocking instantly as soon as the face of plaster was placed in front of the sensors.
The Samsung Galaxy Note8, the most expensive device of the four Android models, has also proven unsafe in fast recognition mode. His normal mode lasted longer, forcing the Forbes team to adjust the lighting to unlock it; the security of this phone is less effective when the lighting is warmer (more yellow or orange).
It also took a few seconds for the plaster head to defeat the facial recognition of the Samsung Galaxy S9.
Only the LG G7 ThinQ seemed to detect the deception, not reacting to the fake face every time in its safest mode. The faster detection modes have, on their side, sometimes been foiled.
Apple and Microsoft, impenetrable
As for the iPhone X, Apple, nothing has done. The luxury phone of the Californian brand has never flopped, regardless of the setting or lighting chosen. Ditto for the new Windows Hello system from Microsoft, which allows you to unlock computers running Windows 10.
Last September, US police used Apple’s Face ID technology to unlock a suspect’s phone by pointing the detectors to his face. This method served as a shock to the cybersecurity community, which then warned the public of the risks associated with this kind of security system.
In the U.S., police can not ask a suspect to disclose a password, but they are allowed to point a phone at a person’s face or use their fingerprints to unlock a device.With information from Forbes and Techcrunch