How to break through Android Face Lock: An Experiment

After creating a fake master fingerprint to unlock most fingerprint protected devices, Thomas Brewster at Forbes made an attempt to use a fake 3D printed version of his real head to unlock a bunch of phones.

The reporter printed a 3D model of his head at Backface in Birmingham, U.K. An image of his head was taken using 50 cameras. After some preprocessing, the model was printed using a 3D printer. The final product was ready after some post processing (coloring and other final touches) in a few days. The entire process cost just over £300. (I tried to be super quick at describing the process. Tell me how I did.)

For the tests, he used 4 Android devices (LG G7 ThinQ, Samsung S9, Samsung Note8, OnePlus 6) and iPhoneX. He used his real head, I mean the head he is born with, to activate face lock on all devices and then tried to unlock them with his fake 3D printed head. According to his report, only the iPhone X was successful to keep its inside data secure.

OnePlus 6 offered no resistance at all and gently welcomed the fake 3D Thomas Brewster. The other 3 Android phones, however, made a considerable effort to keep its user’s privacy but… you know what could have happened. They did the same as OnePlus 6 did but at least they resisted to the attack. Although, their facial recognition system failed to keep them secure but it earned them some respect.

Samsung and LG (idk about other brands) have explicitly told their users to use the face recognition lock as a secondary option as it is less secure than password/pin/pattern lock. The devices also show a warning message to its users when the face lock is activated and encourage them to use primary lock only or dual lock system (both primary lock and secondary lock).

In 2017, Apple’s Schiller confirmed in a keynote that Apple’s face recognition cannot be spoofed by fake FaceIDs. He showed some photographs, created by Hollywood special effects consultants with great details, that he said were used to test the face recognition technology of Apple. However, he didn’t specified that whether the tests were successful or not.

I am myself an Android user for long and I know it is less secure than Apple but it does not mean that this experiment abruptly made me a fan of Apple. Android offers more freedom than Apple does (personal opinion). I always use dual lock system and I put an administrative lock on my phone whenever I go to sleep or I feel that my phone could be unlocked by using my face/fingers forcibly. I will suggest you to do the same if you are using Android.

Leave a Comment

Your email address will not be published.