A 3D-printed head has shown that while Apple's Face ID is a secure biometric authentication system, other facial recognition systems used by Android-based smartphones are able to be fooled and unlocked by the fake cranium.
A 3D-printed head used to test smartphone facial recognition systems (via Forbes)
While facial recognition has been around for some time, the arrival of Face ID on the iPhone X prompted the biometric authentication type to become more commonplace. While more popular to use, Android versions don't use the same TrueDepth camera array and 3D-scanning technology as Apple, with the use of a single 2D image potentially making them susceptible to attack.
A recent test of four Android smartphones and an iPhone X was recently performed by Forbes, to try and fool the face-based security systems using a replica head. Produced by the UK-based Backface, a subject's head was created into a 3D image that was then 3D printed to life-size proportions using gypsum powder, at a cost of around 300 ($380).
For each test, the smartphones were registered to the real head of the subject, before being tested against the fake version. Notably, while the Android smartphones were all able to be beaten by the plastic face, the iPhone X was the only device on test to successfully prevent access in all instances.
The iPhone X was tested alongside the LG G7 ThinQ, the Samsung S9, Samsung Note 8, and the OnePlus 6.
The LG's initial test opened up straight away, though it is noted there was an update where LG improved the facial recognition system. After the update, it was much harder to unlock with the fake head, but it was possible under the right lighting conditions. The OnePlus 6 also opened relatively quickly.
The Samsung S9's facial recognition was defeated after multiple attempts, with varying angles and lighting, but its iris recognition system wasn't able to be beaten. The Note 8 offers two speeds of facial recognition, with the quicker option obviously less secure, but both were able to be beaten with some adjustments to the environment.
It is notable that, in the case of LG and Samsung, warnings are provided to the user about the facial recognition making a device "less secure," and that it could be unlocked by people or objects that resemble the user.
While most Android devices use a single camera lens for facial recognition, Apple's Face ID produces a depth mask of the user's face, providing a true 3D representation for authentication that is less easily fooled by printouts and other simple attempts to defeat it. At the iPhone X's launch, Apple also claimed it worked with professional mask makers and makeup artists in Hollywood during its development, and produced its own masks to train the onboard neural network.
That said, Face ID is not entirely unbeatable, as shortly after launch, two elaborate masks were able to defeat it, including one that cost just $200 to produce, but considerable effort and knowledge was required for its creation. It is also possible to be fooled by identical twins, and in one case, by one user's 10-year-old child with a familial resemblance.