Is Your Face Secure? Hackers Say It Isn't
By: Jim Stickley and Tina Davis
June 29, 2019
Facial recognition, once believed to be the great hacking foe, is proving to be, well, not so much anymore. Recent revelations about the Samsung Galaxy S10 are a perfect example of just how vulnerable facial recognition is. The Verge reported an incident where a picture of a face on one device can unlock facial recognition when pointed at a second device. One attempt simply used a paper photo of the device owner to unlock the phone. Samsung, along with Apple, pledged commitment to keeping facial recognition safe, but so far it looks like that pledge isn’t quite working.
Although not widely publicized, there’s been no shortage of successful hacks on facial recognition. An Apple iPhone X was hacked by a $150 mask and other Androids locks easily broken with a 3D-printed head. Last year, a Dutch non-profit found they could bypass facial recognition in 42 out of the 110 smartphones tested–not a reassuring result. Believed to be at the heart of the problem? Facial recognition scans don’t use any type of 3D depth, using just the positioning of the eyes, mouth and nose. Researchers believe 3D implementation can go a long way improving facial recognition security.
Samsung and other vendors admit facial recognition isn’t as safe as other lock methods, perhaps because they have yet to employ 3D facial scanning. Smartphone creators also find that someone resembling the device owner can unlock a smartphone. Other discoveries find that owners who have major changes in their appearance may be prevented from successfully unlocking their phone. Surely a problem on both ends, but easily hacked access is the most disconcerting.
Until progress is made, the best answer for the time being is not using facial recognition at all. As such, users are advised to disabling facial recognition and return to entering a security code that is not easily guessable. In addition, users should ensure the devices auto-lock after the shortest time period allowed in the device settings.