Is Facial Recognition on Your Phone Secure? Forbes Says No

Do you have facial recognition set up on your phone? You might want to change your unlock settings soon. While experimenting with a 3D printed head, Forbes found that biometric security features aren’t as secure as you would like. Read on for the full story.

Facial Recognition Duped by a 3D Printed Head – The Full Story

Currently, more and more people are opting to use their smartphone’s “facial recognition” feature; leaving traditional unlock methods like passwords or PINs behind. Obviously, looking into your phone is a lot more convenient than remembering a password and typing it in. However, convenience doesn’t always mean “better”. In fact, a recent investigative experiment run by Forbes proved that convenience may actually be incredibly dangerous.

They tested out the facial recognition feature of an iPhone X and 4 Android phones; LG G7 Thin Q, Samsung S9, Samsung Note 8, and the OnePlus 6. They way they did this is by making a 3D printed copy of Thomas Brewster’s (the author of the article) head and seeing if the phone would unlock for it.

iPhone X seemed to have the best security feature of them all, as Apple did test it out with realistic masks made by a Hollywood studio. The Android phones, however, all opened… albeit with different levels of difficulty.

The interesting thing was that all of the Android phones except the OnePlus 6 were very upfront about the security flaws of facial recognition. So much so that the 3 phones actually told users upon setup not to use or rely on this particular feature.

Facial Recognition and Biometrics  – Should You Be Using Them?

I wish the answer to this question was simple. On one hand, biometrics may not be something you can fully avoid, seeing as some banks have started to implement their use. On the other, biometric data has been proven to be incredibly risky.

The truth of the matter is that hackers and attackers are upgrading their hacks almost as fast as new “security-based” technology is coming out. As you can see from the experiment detailed above, hacking into a smartphone with facial recognition isn’t very difficult to do.

“Who in their right mind would go through the trouble of 3D printing my face?!” you might be asking. Even though you do have a point, the truth is that we don’t know how biometric data will be used in the future.

One thing’s for sure, Big Tech loves collecting data. So, who’s to say biometric data will be any different? To top it all off, this kind of data isn’t something you can easily change. See, if a hacker got hold of your password, you’d simply change it. How are you supposed to change your face or your fingerprints in case that data got stolen?

One thing that Forbes’ experiment showed, however, is that facial recognition’s poor security isn’t exactly a secret. In fact, all of the Android phones (except the OnePlus 6) explicitly tell you not to rely on this feature. That means that:

1. Smartphone manufacturers know this isn’t a good security feature to have.
2. They’re basically removing all liability in case someone managed to crack your phone.

Barring the iPhone, users that opt for this kind of convenience are knowingly putting themselves at risk. This is incredibly problematic, as biometric data is so new that we don’t have any kind of laws to regulate its use. In other words, if someone uses biometrics to hack into your device, the law won’t be able to help you out.

Facial Recognition on Smartphones – Final Thoughts

Honestly, it may be better if smartphone users opted out of this unlocking feature entirely. As a rule of thumb, I personally don’t use any kind of “security feature” that uses unregulated data. The way I see it, I don’t want to be an unknowing beta tester for a feature that phone manufacturers know isn’t secure. Sure, a PIN or a password might cost you a few extra seconds to unlock your phone. However, that seems like a pretty good trade-off for securing your information in a tested and proved manner.