FB pixel

Android devices facial recognition fooled by 3D-printed head, but not Face ID

 

A 3D-printed head fooled the facial recognition systems of four smartphones running Android, but failed to unlock an iPhone with Face ID in testing by Forbes.

At a cost of just over £300 (US$378), a Forbes reporter had a 3D-printed replica of his head made by a UK firm, which took pictures of him with 50 cameras simultaneously to construct a single 3D image. A few days after the image is taken, a customer can pick up the replica.

An LG G7 ThinQ, a Samsung S9, a Samsung Note 8, and a OnePlus 6 all mistook the fake head for the real user, but carrying out the spoof involved varying degrees of difficulty, Forbes reports. The LG G7 specifically warns users that its facial recognition feature is a secondary unlocking method, and that it reduces the device’s overall security. The Samsung S9 delivers a similar warning during facial enrollment. The S9’s iris recognition function was not fooled by the 3D-printed head. Forbes notes that during testing, LG seems to have updated its facial recognition software, making it more difficult to spoof.

Forbes tested both the faster and slower versions of face unlock on the Note 8, and was successful with both, but needed to experiment more with different angles and lighting to defeat the slower option, as was necessary with the S9. The OnePlus 6 did not warn the user, and opened with the least effort.

Representatives from all three Android device manufacturers noted that their facial recognition features are meant for convenience, and Samsung noted that high security functions like payments or access to the Secure Folder cannot be performed with it.

The 3D printed head did not unlock the iPhone, and also did not fool Windows Hello in testing.

TechCrunch reports that from a legal perspective, law enforcement agencies could also use the same technique, though Project on Government Oversight Senior Counsel Jake Laperruque says it is not the most practical or cost-effective way for police to gain access to a device.

Forbes suggests those concerned about facial recognition spoofing should consider not using the feature.

“Focus on the secret aspect, which is the PIN and the password,” NCC Group Research Director Matt Lewis told Forbes. “The reality with any biometrics is that they can be copied. Anyone with enough time, resource and objective will invest to try and spoof these biometrics.”

This position begs the question of whether the challenge of copying the biometric exceeds that of learning the PIN and password, however. Further, for most smartphone users, the risk of having an attacker surreptitiously take 50 simultaneous facial photos from all angles without permission is likely minimal.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Utah judge blocks age verification requirement for social media

A federal judge in Utah has ruled in favor of tech lobby group NetChoice and against the state’s new law…

 

Google announces beta test for digital IDs based on biometrics and US passports

A new type of digital ID based on U.S. passports in Google Wallet has been introduced ahead of beta testing….

 

Biometrics startups address pressing industry challenges in pitch competition

A group of biometric and digital identity startups went head-to-head in a pitching competition at Identity Week on Wednesday and…

 

Mindy Support builds biometric dataset with 1M face images for large US tech firm

Mindy Support, a provider of data annotation and customer service solutions, has compiled a database of face images to train…

 

Idemia NA rolls out credential management system for motor vehicle agencies

Idemia Public Security North America has launched ID2Issuance, a cloud-based credential management system tailored for motor vehicle agencies. This web-based…

 

Thales wins contract to produce driver’s licenses and ID cards for Alaska DMV

The Alaska Division of Motor Vehicles (DMV) has awarded Thales a contract to produce physical driver’s licenses and ID cards…

Comments

One Reply to “Android devices facial recognition fooled by 3D-printed head, but not Face ID”

  1. They are all for convenience, even Face ID. That has its own set of well-documented problems. Recognition is NOT authentication.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events