Although, the numerous benefits of 3D printing are undeniable but at the same time there is a growing concern about some of the unanticipated challenges which come to our ways with the advancement in technology. The most important concern to address is the security issue which comes from 3D-printed masks being used to get through the smartphones for the hacking purpose. With the progression of science, the bar of hackers on the ways to break into the phones is also raising. Today they are evolving the capabilities of 3D-printed heads to get quick access to any phone that uses a facial recognition password.
Facial recognition is everywhere these days be it social media or simply cosmetics. Whether it a big shopping complex or your office, you must be going through something which is scanning your face. But when it comes to Smartphones, the technology is supposed and designed to protect your important data and digital life from snoops. But do you really think it is entirely foolproof? The answer of course is “No”, because 3D printing has been used many times to break into the facial recognition software in Smartphones.
Thomas Brewster, who covers crime, privacy & security for Forbes recently shared his experience of using a 3D printed head to try and break through several phones including Microsoft, IOS and Androids. As a result, he found that facial recognition software employed on some of the top Android Smartphone handsets doesn’t really as secure as Apple’s advanced Face ID feature. Apple handsets allow for accurate 3D depth mapping with specialized TrueDepth hardware installed which uses invisible infrared light.
But talking about the Android devices, the vast majority of these Androids install the obsolete 2D facial scanning that can be easily fooled with a 3D printed head. To test this, Forbes has recently tested facial recognition across the top phone models with a 3D-printed head from Birmingham’s Backface. This printed head was of Thomas Brewster and for making it a success, special cameras scanned his face from all the angles and then with the combination of a software a full 3D image model has been made.
Forbes took help of the 3D printing and scanning company named as Backface to create the 3D mask, and the process of making the head began with the 50 cameras to take a single shot of Thomas Brewster’s head in order to make the entire 3D image. They have taken help of editing software to fix for the errors and after all the procession the life-size 3D model was successfully printed out made up of British gypsum powder. And in very less time, Forbes received the 3D printed head model of Brewster which costs just around £300.
Having tested if he could circumnavigate the face recognition system of the top models of Androids and IOS smartphones Brewster used his real face to register for facial recognition across five phones e.g. “OnePlus 6”, “Galaxy S9 & Note 8 by Samsung”, “LG’s G7 ThinQ” and “Apple’s iPhone X” and he successfully got to unlock all the Andriod phones using the spoof 3D printed model of his head but not in the case of Apple’s handset. “All of the Androids opened with the spoof,” he wrote. “Apple’s iPhone X was impenetrable.”
Thomas reveals that the Result didn’t surprise him because none of the Smartphone makers except Apple claimed to have the top level of security and accuracy. Moreover, unlike iPhone X, none of the aforesaid Android makers use their facial recognition systems to approve mobile payment transactions without approving with a second and more secure biometric method such as the fingerprint or password. But in the case of iPhone X, all it takes to approve a Payment transaction is a glance. Even the handset making brands like LG and Samsung even put warning messages from time to time that facial recognition on their devices might not be as secure as using a password, PIN or pattern.
Please have a look at what these android makers had said about their facial recognition technology in the form of a warning.
1. The LG’s G7 warns the users that their facial recognition security system can be unlocked by seeing a similar face. But after a few experiments, their facial recognition software got updated and became difficult to trick.
An LG spokesperson told Forbes that, “They are going to improve the facial recognition function on their device through a second recognition step and advanced recognition”. “LG constantly tries to upgrade its handsets on a regular basis through updates for device’s security.”
2. Talking about Samsung the “Galaxy S9” also warned users that facial recognition alone without a password or PIN is not that secure. The other one from Samsung, the “Note 8” had an option for “faster recognition” which even the manufacturer said is not as secure. However, it got unlocked with 3D printed head on both settings, still, it required more effort in terms of angles and lighting in case of “slower recognition” option.
“Face unlock option is kept for the convenience of the user to open their phone just as in case of ‘swipe to unlock’ action. To lock your phone and authenticate access to Samsung Pay or other Secure Folder, We offer the highest level of biometric authentication such as fingerprint and iris.” Samsung spokesperson told Forbes.
3. But when it came to testing “OnePlus 6”, it proved to be the least secure device in terms of facial recognition as it did not include a warning or a slower more secure recognition option but it immediately got unlocked for the 3D printed head.
A oneplus spokesperson told Forbes “We designed Face Unlock just to make our customers fell convenient, and to optimize its security we always recommended the users to use a password/PIN/fingerprint instead for security”. “For this reason, we have not enabled the Face Recognition for any secure apps such as banking or payments. We’re constantly working to improve all of our technologies, that also includes the Face Recognition Unlock.”
4. Last but not least, when Brewster held the experiment of 3D printed head to get into the iPhone X, it was not fooled, as the technology used in Apple’s phones are fully spoof-proof.
In the end, Brewster Said that “Apple’s investment in its technologies has clearly paid off, which saw the company work with a Hollywood studio to create realistic masks to test Face ID ”.
Moreover, Brewster noted that the 3D printed model of his head was also not able to fool the Microsoft’s new Windows Hello Facial recognition.
Instead of using the face recognition use a strong alphanumeric passcode, because it is far safer option where it comes to securing your device. Don’t rely on the face recognition alone, said Matt Lewis, research director at cybersecurity contractor NCC Group. “Users must focus on the secret aspect instead of their convenience and that could be achieve using the PIN and the password”, he further added. Because the fact with any biometrics is that they can be copied by anyone having enough time, resource and objective.