Not everyone is a fan of it, but it's hard to argue convincingly that facial recognition isn't going to play a role in the future of technology. The newest Apple iPhones and Android smartphones have built-in facial recognition features that can unlock your device, but you would be wrong to think that the reliability and accuracy of the features is comparable. After all, in the past, owners of Samsung Android phones have demonstrated how devices can be unlocked by pointing it at the face of a sleeping person or even with just a photograph. It's true to say that the facial recognition technology built into handsets has improved in recent years. And as it has become more reliable, more users are likely to use it as their primary method of unlocking a phone rather than having to remember a sequence of numbers or a password. Forbes journalist Thomas Brewster wanted to find out just how well a variety of Android phones and a top-of-the-range Apple iPhone would fare against a determined attempt to break facial recognition. And he did that by having a 3D-model printed of his head. As Brewster explains, he engaged the services of a small British company in Birmingham to create a spooky life-size 3D print of his own head for just over £300. For the price, it's an impressive likeness, but it's not enough to fool any human into thinking they are looking at the real Thomas Brewster. But could a smartphone be fooled? To find out, Brewster registered his own (real) face with five different phones: An iPhone X, an LG G7 Linq, a Samsung S9, a Samsung Note 8 and a OnePlus 6. With facial recognition setup, all he had to do was see if his fake head would be convincing enough to unlock the devices. Rather worryingly (if someone has managed to make a 3D-printed version of your head), all four Android phones were duped into thinking they were looking at the real Tom. Only the iPhone X wasn't duped. It's certainly impressive to see Apple's iPhone X not be tricked by Thomas Brewster's fake head, and it may surprise owners of Android smartphones who have had at best mixed experiences with facial recognition. From this test at least, it would appear that the efforts made by Apple's engineers to develop its "TrueDepth" camera technology (which uses more than 30,000 infrared dots to scan your face in 3D) has paid off. It's worth pointing out that some of the Android phones were easier to unlock than others, (The LG, for instance, proved trickier to unlock, as it required a little more effort in finding the combination of lighting and angles.) but that's not something that is going to in any way deter a determined intruder from breaking into your device. What is somewhat encouraging is that there are alerts displayed by some of the Android devices when the user attempts to enable facial recognition, warning that the feature can actually make your phone less secure. The LG G7 Linq, for instance, warns that similar faces can be used to unlock it:
Face recognition is a secondary unlock method that results in your phone being less secure.
Meanwhile, the Samsung S9 displayed the following warning:
"Your phone could be unlocked by someone or something that looks like you. If you use facial recognition only, this will be less secure than using a pattern, PIN or password."
No-one may be planning to make a life-size 3D-printed version of your head, but you should still take the warnings of the manufacturers seriously. If you want to keep your device secure, you may be sensible not to put all of your eggs in one basket but instead treat facial recognition as a secondary unlock feature that should be used alongside (rather than instead of) a password or fingerprint. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.