FB pixel

Native smartphone face biometrics can be spoofed; UK consumer groups freaks out

Native smartphone face biometrics can be spoofed; UK consumer groups freaks out
 

Smartphone face biometrics from many leading brands are vulnerable to spoof attacks with 2D photographs, according to a new report from UK-based consumer testing and review group Which?, according to Yahoo Finance UK.

The group says the vulnerability is “unacceptable,” and has “worrying implications” for user’s security.

On-device biometrics are used for device unlocking and local authentication, while KYC processes for customer onboarding and strong remote identity verification is typically carried out with server-side biometrics and other signals, with a layer of liveness or presentation attack detection.

The phones tested include Honor, Motorola, Nokia, Oppo, Samsung, Vivo and Xiaomi handsets. Apple’s 3D FaceID biometrics were not fooled by the photos. The devices tested range in price from £89.99 to nearly £1,000 (approximately US$112 to $1,244), but the majority of phones that failed the test are lower-cost or mid-range models.

Out of 48 new smartphone models tested, 60 percent were not vulnerable to spoofing with a photograph.

Google says that Class 3 biometric unlock is required for contactless payments above £45 ($56), which means the vulnerable models should not support those payments through facial unlock.

“We would strongly advise anyone using these phones to turn off face recognition and use the fingerprint sensor, a strong password or long PIN instead,” says Which? Tech Editor Lisa Barber. “This needs to be a wake up call for manufacturers – they need to step up and improve the security of their biometric systems against spoofing.”

Data from roughly one-third of Americans is hacked each year, mostly due to insecure usernames and passwords and low digital literacy, according to career consultancy Zippia.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Fees for failed biometric verification enforced as Pakistan makes process mandatory

Easypaisa, a digital financial services platform in Pakistan, has begun charging users for failed biometric verification attempts. According to a…

 

Maldives outlines plan to upgrade digital ID system with $10M from World Bank

An influx of cash to support the development of digital identity and related technologies in the Maldives has arrived, and…

 

Deepfake financial fraud to surge over the next 12 months, Deloitte reveals

According to a recent Deloitte poll, more than half of C-suite executives and other senior leaders anticipate a rise in…

 

Philippines plans to complete universal digital ID registration in 2025

The Philippine Statistics Authority (PSA) is set to register the entire Filipino population in the Philippine Identification System (PhilSys) by…

 

Worldcoin pilots face biometrics, arrives in Poland

Worldcoin has launched its “humanness verification” with iris biometrics deduplication in Poland, and also introduced a set of new security…

 

IN Groupe begins exclusive negotiations to acquire Idemia Smart Identity

IN Groupe has emerged as the likely buyer of Idemia’s biometrics and identity verification business from Advent. An acquisition would…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events