FB pixel

Native smartphone face biometrics can be spoofed; UK consumer groups freaks out

Native smartphone face biometrics can be spoofed; UK consumer groups freaks out
 

Smartphone face biometrics from many leading brands are vulnerable to spoof attacks with 2D photographs, according to a new report from UK-based consumer testing and review group Which?, according to Yahoo Finance UK.

The group says the vulnerability is “unacceptable,” and has “worrying implications” for user’s security.

On-device biometrics are used for device unlocking and local authentication, while KYC processes for customer onboarding and strong remote identity verification is typically carried out with server-side biometrics and other signals, with a layer of liveness or presentation attack detection.

The phones tested include Honor, Motorola, Nokia, Oppo, Samsung, Vivo and Xiaomi handsets. Apple’s 3D FaceID biometrics were not fooled by the photos. The devices tested range in price from £89.99 to nearly £1,000 (approximately US$112 to $1,244), but the majority of phones that failed the test are lower-cost or mid-range models.

Out of 48 new smartphone models tested, 60 percent were not vulnerable to spoofing with a photograph.

Google says that Class 3 biometric unlock is required for contactless payments above £45 ($56), which means the vulnerable models should not support those payments through facial unlock.

“We would strongly advise anyone using these phones to turn off face recognition and use the fingerprint sensor, a strong password or long PIN instead,” says Which? Tech Editor Lisa Barber. “This needs to be a wake up call for manufacturers – they need to step up and improve the security of their biometric systems against spoofing.”

Data from roughly one-third of Americans is hacked each year, mostly due to insecure usernames and passwords and low digital literacy, according to career consultancy Zippia.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Growth of digital wallet use shaking up payment regulations and benefits delivery

Digital wallets are transforming online, offline and cross-border payments around the world, prompting calls for regulatory change in Australis and…

 

Sardine nets $70M in Series C funding for automated fraud prevention platform

Sardine, a startup that employs machine learning for fraud prevention, compliance and credit underwriting, has announced a $70 million Series…

 

Indonesia aims to boost digital ID uptake in bid for greater efficiency

Indonesia is digitizing its civil registration services in a bid for greater efficiency as the country’s citizens enjoy improved convenience…

 

Ondato’s biometric age verification joins NIST leaderboard

Ondato has joined the U.S. National Institute of Standards and Technology evaluation of age assurance algorithms in the latest update…

 

Digital identity strengthens super wallets, transforming India’s DPI

India’s digital transformation has been accelerated by its digital public infrastructure (DPI), a framework that enables seamless digital services through…

 

AU petitioned over legal ID discrimination suffered by Kenyan minority group

Legal representatives of a human rights group, Nubian Rights Forum (NRF), have submitted a petition to the African Union (AU)…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events