[Thomas Brewster] writes for Forbes, but we think he’d be at home with us. He had a 3D printed head made in his own image and then decided to see what phones with facial recognition he could unlock. Turns out the answer is: most of them — at least, those running Android.
The models tested included an iPhone X, an LG, two Samsung phones, and a OnePlus. Ironically, several of the phones warn you when you enroll a face that the method may be less secure than other locking schemes. Conversely, one phone had a faster feature that is known to make the phone less secure.
The phones didn’t just pop open at a glance of the 3D printed head. Some required a little angle changes and lighting. But all the Android devices eventually opened. Many vendors reiterated that face unlocking is more like a swipe to unlock action than a biometric security.
There are quite a few problems with any sort of biometric scan, though. First off, biometrics can change. Your face could become disfigured in a variety of ways. A fingerprint can literally be lost along with its finger. But one of the most worrisome things, to us, is that you can never revoke a biometric signature. Forget your password or lose your keys and we can revoke those things and give you new ones. You can’t get a different face or fingerprint.
The subject head was made from a specialized rig with 50 cameras by a company that specializes in this. The printer used an old technology — gypsum powder — along with some coloring. The cost was £300 (about $377 at today’s exchange rate).
Granted, it seems hard to imagine a casual thief going through the trouble of modeling your head. But an employer? A law enforcement agency? Or someone who could gain a lot by compromising your phone? It isn’t that hard.
Just in case Apple users are feeling smug, don’t forget that a mask apparently did the same trick even on the iPhone X. You can even scan an entire body if you like.