I got my first smartphone the Nokia N80 in 2006. Based on Symbian platform, it offered a simple screen lock, which required you to key in a password. Fast forward to today, and I just have to show my face to unlock the OnePlus 6. This process is incredibly fast and convenient but is it any better in terms of security?
For a definitive answer, Forbes’ Thomas Brewster carried out an elaborate test. He set up face unlock on several devices including the Samsung Galaxy S9, Galaxy Note 8, OnePlus 6, iPhone X, and LG G7 ThinQ. He then had his face scanned by a UK based firm Backface. Based on this data, a model of Brewester’s face was 3D printed for around 300 pounds (approx. Rs 27,000). To complete the experiment, Thomas used this 3D printed head to trick his smartphones. With the exception of the iPhone X, all other phones were compromised to a 3D printed head. The report mentions that Thomas had to work with different angles on phones from the South Koreans, but OnePlus 6T was exceptionally easy to get past the lock screen.
Should Android users lose their sleep over face unlock?
Although the original report doesn’t mention this, iPhone X isn’t the only handset to feature sophisticated face recognition tech. Many Android handsets including the Huawei Mate 20 Pro, P20 Pro, and Oppo Find X are equipped with iPhone esque authentication system. Such arrangement generally uses a dot projector, infrared camera, and flood illuminator. That’s almost all the Xbox Kinect sensors squeezed into a few centimeters. Such setup is difficult to trick with a 3D printed head. So, not all Android users need to be worried.
Even if your phone’s face recognition is not that safe, there’s no reason to panic. Nobody is going to invest so much time and money to 3D print your head. However, if you are convinced that you are so important that people will go to these lengths, then it is worth finding a more secure alternative.
Should you switch back to the fingerprint sensor?
If you are ditching the face unlock feature, fingerprint recognition tech seems like a good alternative. Unfortunately, as demonstrated by Michigan State University scientists, spoofing fingerprints is easier than we anticipated. To fool the fingerprint scanner, these guys used an inkjet printer! Of course, you need a special type of ink and paper, but it involves nothing that can’t be ordered online.
Another major issue with a fingerprint sensor is that your friends or family can easily unlock your phone while you are asleep. Crashing at someone’s place poses a serious threat to your smartphone security. This is exactly what happened with an Iranian guy on a Qatar Airways flight. His wife scanned his fingerprint to unlock the phone while he was done counting sheep. Upon discovering her husband’s affair, she lost her cool and the flight had to make an unscheduled landing at Chennai to offload the unruly couple. The point here is that face unlock at least checks if the user is awake before opening the phone. In short, the fingerprint sensor isn’t any better than face recognition tech.
Which is the most secure way to lock your phone?
Smartphone security has come full circle as the password method is still the most secure way to lock your phone. Of course, it needs to be better than 1234 or 0000. Phones let you set up to 16-character password. If you throw in a mix of letters, numbers, and special characters, such passwords are nearly impossible to crack with an average computer. You can check the strength of a password at Kaspersky’s page. The script tells you how much time it will take to brute force a password on a typical personal computer. To put things into perspective, 0000 can be cracked within a second. On the other hand, OhSd:(P^2Cry0!um can take 10,000+ centuries to beat.
Since the password is inside your head, nobody can retrieve it while you are asleep without any help from Dominick Cobb and his team. Moreover, the processing muscle needed to brute force a proper password is beyond the reach for most people. On the flipside, typing a lengthy password is not convenient at all, but currently it is the most secure way to lock your phone.