Recently, Thomas Brewster, who covers security and privacy for Forbes, detailed his experience in using a 3D printed head – modeled after his own – to try and break into several phones of the Apple and Android variety.
Forbes had Birmingham-based 3D printing and scanning company Backface create the head; the process began with 50 cameras combining to take a single shot of Brewster’s head that made up an entire 3D image. The image was loaded into editing software to fix any errors, and the life-size model was then 3D printed out of a British gypsum powder. After a few days, Brewster received the 3D printed model of his head, which cost just over £300 to make.
“You’re then the proud owner of an uncanny, almost-spectral version of your own visage,” Brewster wrote.
Brewster used his real face to register for facial recognition across five phones: the iPhone X, LG G7 ThinQ, Samsung S9, Samsung Note 8, and OnePlus 6. Then, he tested each one with the 3D printed head model to see if he could successfully circumnavigate the phones’ facial recognition. Spoiler alert: while each of the Android phones was tricked, the iPhone was “impenetrable.”
Brewster noted some differences between the various Android phones’ attempts at security – the G7 warns the user right off the bat that the facial recognition can be unlocked by seeing a similar face. But in the middle of the experiment, its facial recognition software updated and became more difficult to trick.
“It’s been long known that many implementations of facial recognition amongst Android phones have been less secure than Apple’s Face ID system. Some of those face recognition systems have been fooled with simple photographs,” the MacRumors staff wrote. “Apple’s Face ID, however, also includes IR depth mapping and attention awareness technology. The attention awareness alone may be enough to explain the inability for a static 3d printed head to unlock the iPhone X. That said, the iPhone X’s Face ID has been fooled in the past with more sophisticated printed 3d heads.”
“The facial recognition function can be improved on the device through a second recognition step and advanced recognition which LG advises through setup,” an LG spokesperson told Forbes. “LG constantly seeks to make improvements to its handsets on a regular basis through updates for device stability and security.”
The S9 also warned users that facial recognition alone was not that secure when used without a password or PIN.
“Oddly, though, on setting up the device the first presented option for unlocking was facial and iris recognition,” Brewster explained. “Whilst iris recognition wasn’t duped by the fake head’s misted-over eyes, facial recognition was tricked, albeit with a need to try a few different angles and lighting first.”
The Note 8 had an option for “faster recognition,” which even the manufacturer admitted was not as secure; however, the 3D printed head was able to unlock the phone on both settings, though the slower one did require more effort in terms of angles and lighting. As the least secure device Brewster tested, the OnePlus 6 did not include a warning or a slower, more secure recognition option and, “despite some sci-fi style face scanning graphics” the phone performed, it immediately opened for the 3D printed head.
“We designed Face Unlock around convenience, and while we took corresponding measures to optimize its security we always recommended you use a password/PIN/fingerprint for security,” a OnePlus spokesperson told Forbes. “For this reason, Face Unlock is not enabled for any secure apps such as banking or payments. We’re constantly working to improve all of our technology, including Face Unlock.”
“Apple’s investment in its tech – which saw the company work with a Hollywood studio to create realistic masks to test Face ID – has clearly paid off,” Brewster wrote.
In addition, Brewster noted that Microsoft’s new Windows Hello Facial recognition was also not tricked by the 3D printed model of his head.
According to Matt Lewis, the research director at cybersecurity contractor NCC Group, a strong alphanumeric password is a far safer option when securing your device than relying on facial recognition alone.
What do you think about this? Discuss this news and other 3D printing topics at 3DPrintBoard.com or share your thoughts in the Facebook comments below.
You May Also Like
3D Printing Webinar and Event Roundup: January 16, 2022
We’re back in business this week with plenty of webinars and events, both virtual and in-person, starting with the second edition of the all-female-speaker TIPE 3D Printing conference. There are...
3D Printing News Briefs, January 12, 2022: Rebranding, Bioprinting, & More
First up in today’s 3D Printing News Briefs, Particle3D has gone through a rebrand, and a team of researchers developed a way to 3D print and preserve tissues in below-freezing...
3D Printing News Briefs, January 5, 2022: Software, Research, & More
We’re kicking off today’s 3D Printing News Briefs with 3D software, as Materialise has integrated Siemens’ Parasolid with its own Magics software. Moving on, The Virtual Foundry launched a metal...
3D Printing News Briefs, January 1st, 2022: CES 2022, Standards, Business, & More
Happy New Year! We’re starting with this week’s CES 2022 in today’s 3D Printing News Briefs, then moving on to a new AM standard and business news from Roboze and...
View our broad assortment of in house and third party products.