With the AI’s blessing on smartphones, face recognition has become the standard for current smartphones; face recognition is more convenient than traditional smartphone unlocking modes such as fingerprint recognition and character passwords. However, from the perspective of privacy protection, it may not be more secure.
On December 13, Forbes reporter Thomas Brewster published an article about how his 3D printheads fooled the face recognition process of smartphones.
Thomas Brewster completed the process at a company called Backface in Birmingham, England. He photographed his avatar in a studio with 50 cameras and synthesizes a complete 3D image, then imports the image into a 3D printing device, and finally prints out the 3D printhead.
Of course, this head shape is not perfect, and then Backface has modified the head shape in the next few days.
Subsequently, the test on the security of face recognition officially began.
Thomas Brewster first used his real face to register face recognition on five smartphones, including the iPhone X, LG G7 ThinQ, Samsung Galaxy S9, Samsung Note 8 and One Plus 6, and then the face recognition function of the five mobile phones is unlocked using the already printed 3D print head type.
The end result is that all the Android devices that participated in the test were successfully fooled (although there are differences in difficulty), and the iPhone X’s performance was impeccable.
On the LG G7, One Plus 6, Samsung S9 and Note 8, the face recognition function was successfully deceived, which indicates that their security in face recognition is not enough.
For Android phones, face recognition is an auxiliary biometric unlocking tool, and for iPhone X, face recognition is the only biometric option.
Thomas Brewster said that when using the LG G7 for face entry for the first time, users will be reminded and told that face recognition is a less secure alternative.
However, LG said that face recognition will be updated during subsequent use to improve stability and security – but PIN and fingerprint recognition are preferred.
The Samsung S9 also has similar reminders. However, when the user first sets up the phone, face recognition and iris recognition are recommended. Of course, in the 3D printing state, iris recognition is obviously not passable, but face recognition is successful, although it requires some different angles and light.
In Samsung Note 8, Samsung offers a “quick recognition” option, but this option is less secure than normal face recognition.
Samsung responded by saying that face recognition is a convenient way to open the phone, a bit like “slide and unlock”, but the company provides the highest level of biometric authentication system – fingerprint or iris – to unlock the phone and complete the Samsung Pay payment.
One plus 6 did not have the above security reminder, and it was quickly successful in the process of unlocking with the 3D print head.
One plus responded that face unlocking is based on convenience. It is recommended that users use passwords, numbers, and fingerprints to ensure security. At the same time, face unlocking will not be applied to applications such as bank accounts and payments.
The iPhone X passed the test without any suspense, which was determined by its investment in hardware and software related to face recognition; in order to test security, Apple even teamed up with Hollywood Studio to create a simulation mask to test its security.
Based on this level of security, Apple has abandoned fingerprint recognition in the iPhone X and its follow-up products, uses face recognition as a payment security tool too.
In addition, Microsoft’s Windows Hello face recognition performance is also good, it also successfully passed the test, but Thomas Brewster did not indicate which Windows device it tested.
Obviously, in addition to Apple, many Android manufacturers have a lot of room for improvement in face recognition security. So far, most Android phone manufacturers have not dared to completely remove the fingerprint recognition function and that’s why have placed the fingerprint identification module at the bottom of the screen,
Matt Lewis, a security researcher from NCC Group, believes that if users are concerned that their device is being cracked by a “fake head”, then it is best not to use face recognition, but use a PIN code or password because biometric-based unlocking is easy to use. Ways to crack – as long as the cracker has enough time, resources and specific attack objects.
Thomas Brewster’s test is enough to prove that Android face recognition is not safe enough, but it does not prove how easy it is to crack them, especially for ordinary people.
So, the last question is coming. After reading this article, will you still use face recognition on your phone to unlock it?