In a Test, 3D Model of a Head Was Able To Fool Facial Recognition System of Several Popular Android Smartphones

Forbes magazine tested four of the most popular handsets running Google's operating systems and Apple's iPhone to see how easy it'd be to break into them with a 3D-printed head. All of the Android handsets opened with the fake. Apple's phone, however, was impenetrable. From the report: For our tests, we used my own real-life head to register for facial recognition across five phones. An iPhone X and four Android devices: an LG G7 Linq, a Samsung S9, a Samsung Note 8 and a OnePlus 6. I then held up my fake head to the devices to see if the device would unlock. For all four Android phones, the spoof face was able to open the phone, though with differing degrees of ease. The iPhone X was the only one to never be fooled.

There were some disparities between the Android devices' security against the hack. For instance, when first turning on a brand new G7 Linq, LG actually warns the user against turning facial recognition on at all. No surprise then that, on initial testing, the 3D-printed head opened it straightaway. [...] The OnePlus 6 came with neither the warnings of the other Android phones nor the choice of slower but more secure recognition.

Re:Biometrics are generally a bad idea

[AmiMoJo]

Biometrics are better than nothing. In this case the attacker needs to scan your head and 3D print an actual-size model of it, so it's still better than a simple pattern unlock or nothing.

It's all about understanding and evaluating the threat. Facial recognition is a cheap, fast and moderately secure system that will keep your friends and siblings and random thieves out.

People who need real security on their phones use proper passwords.