Forbes reporter Thomas Brewster recently challenged a variety of smartphone face-recognition systems with a 3D printed head modeled after his own head.
As Brewster explains, the life-size 3D print of his own head was ready within a few days, all for just over £300. For the price, it’s an impressive likeness, but it’s not enough to fool any human into thinking they are looking at the real Thomas Brewster. But could a smartphone be fooled?
To find out, Brewster conducted a test where he tried to unlock four premium Android smartphones like the Samsung Galaxy S9, OnePlus 6, Galaxy Note 8 and LG G7 ThinQ, and the iPhone X. All four Android smartphones were easily fooled by the 3D printed head, and the iPhone X was the only device that was not tricked.
If you're an Android customer, though, look away from your screen now. We tested four of the hottest handsets running Google's operating systems and Apple's iPhone to see how easy it'd be to break into them. We did it with a 3D-printed head. All of the Androids opened with the fake. Apple's phone, however, was impenetrable.
This could be due to the differences in the type of technology used to implement face recognition security among the different brands. While Face ID on the iPhone uses IR depth mapping and attention awareness technology to identify the user, Android phones tend to rely on the selfie camera.
Brewster reveals that none of the phone makers claimed the same level of security and accuracy as apple does. Companies such as LG and Samsung even put warning messages that suggested that facial recognition on their devices might not be as secure as using a PIN, password, or pattern. So for those Android users for whom security is more important, it is best to not to use facial recognition at all, but stick to password/PIN lock.
"Focus on the secret aspect, which is the PIN and the password," said Matt Lewis, research director at cybersecurity contractor NCC Group. "The reality with any biometrics is that they can be copied. Anyone with enough time, resource and objective will invest to try and spoof these biometrics."