Recently, Thomas Brewster, who covers security and privacy for Forbes, detailed his experience in using a 3D printed head – modeled after his own – to try and break into several phones of the Apple and Android variety.
Forbes had Birmingham-based 3D printing and scanning company Backface create the head; the process began with 50 cameras combining to take a single shot of Brewster’s head that made up an entire 3D image. The image was loaded into editing software to fix any errors, and the life-size model was then 3D printed out of a British gypsum powder. After a few days, Brewster received the 3D printed model of his head, which cost just over £300 to make.
“You’re then the proud owner of an uncanny, almost-spectral version of your own visage,” Brewster wrote.
Brewster used his real face to register for facial recognition across five phones: the iPhone X, LG G7 ThinQ, Samsung S9, Samsung Note 8, and OnePlus 6. Then, he tested each one with the 3D printed head model to see if he could successfully circumnavigate the phones’ facial recognition. Spoiler alert: while each of the Android phones was tricked, the iPhone was “impenetrable.”
Brewster noted some differences between the various Android phones’ attempts at security – the G7 warns the user right off the bat that the facial recognition can be unlocked by seeing a similar face. But in the middle of the experiment, its facial recognition software updated and became more difficult to trick.
“It’s been long known that many implementations of facial recognition amongst Android phones have been less secure than Apple’s Face ID system. Some of those face recognition systems have been fooled with simple photographs,” the MacRumors staff wrote. “Apple’s Face ID, however, also includes IR depth mapping and attention awareness technology. The attention awareness alone may be enough to explain the inability for a static 3d printed head to unlock the iPhone X. That said, the iPhone X’s Face ID has been fooled in the past with more sophisticated printed 3d heads.”
“The facial recognition function can be improved on the device through a second recognition step and advanced recognition which LG advises through setup,” an LG spokesperson told Forbes. “LG constantly seeks to make improvements to its handsets on a regular basis through updates for device stability and security.”
The S9 also warned users that facial recognition alone was not that secure when used without a password or PIN.
“Oddly, though, on setting up the device the first presented option for unlocking was facial and iris recognition,” Brewster explained. “Whilst iris recognition wasn’t duped by the fake head’s misted-over eyes, facial recognition was tricked, albeit with a need to try a few different angles and lighting first.”
The Note 8 had an option for “faster recognition,” which even the manufacturer admitted was not as secure; however, the 3D printed head was able to unlock the phone on both settings, though the slower one did require more effort in terms of angles and lighting. As the least secure device Brewster tested, the OnePlus 6 did not include a warning or a slower, more secure recognition option and, “despite some sci-fi style face scanning graphics” the phone performed, it immediately opened for the 3D printed head.
“We designed Face Unlock around convenience, and while we took corresponding measures to optimize its security we always recommended you use a password/PIN/fingerprint for security,” a OnePlus spokesperson told Forbes. “For this reason, Face Unlock is not enabled for any secure apps such as banking or payments. We’re constantly working to improve all of our technology, including Face Unlock.”
“Apple’s investment in its tech – which saw the company work with a Hollywood studio to create realistic masks to test Face ID – has clearly paid off,” Brewster wrote.
In addition, Brewster noted that Microsoft’s new Windows Hello Facial recognition was also not tricked by the 3D printed model of his head.
According to Matt Lewis, the research director at cybersecurity contractor NCC Group, a strong alphanumeric password is a far safer option when securing your device than relying on facial recognition alone.
What do you think about this? Discuss this news and other 3D printing topics at 3DPrintBoard.com or share your thoughts in the Facebook comments below.
You May Also Like
RAM Metal 3D Printing Process Receives Patents in Multiple Countries
Metal 3D printing materials developer and supplier Elementum 3D, founded in 2014 by Dr. Jacob Nuechterlein, works to expand the selection of metal materials for additive manufacturing (AM) through the...
Sustainable Cabin Built on 3D-Printed Concrete Stilts from Infested Ash Wood
Our house had several ash trees in the front and back yard while I was growing up, and we lost three of them due to various acts of nature. Ash...
3D Printing News Briefs, May 28, 2020: Desktop Metal, DOMO Chemicals, Nano Dimension
We’ve got some partnership news we’re sharing in today’s 3D Printing News Briefs! Cetim and Desktop Metal are working together, while DOMO and Zare have also announced a partnership. Moving...
Technical University of Denmark: Integrated Process Chain for Production of Molds in LPBF Additive Manufacturing
Mandaná Moshiri recently presented a thesis, ‘Integrated process chain for first-time-right mold components production using laser powder bed fusion metal additive manufacturing’, to Technical University of Denmark. Exploring high precision...
View our broad assortment of in house and third party products.