2D Photos Easily Dupe Face Recognition On These Top Android Phones
In a recent survey of modern smartphones, it was found that a large proportion of them offered face recognition technology (FRT) which was alarmingly weak. Devices from most major Android vendors like Honor, Motorola, Nokia, Oppo, Samsung, Vivo and Xiaomi used FRT which could be fooled by a simple printed photo of the actual user, found the research. Moreover, a usable photo in the hands of a spoofer didn’t have to be of a very high quality or be printed on particularly good paper or printer to work.
With people ever more reliant on their smartphones for financial services and transactions, the secure login and identity verification functionality of these devices is ever more important. This writer has various banking applications, which allow passwordless access via biometric verification, but some will have many more FinTech apps in daily use - like digital wallets, share trading, or crypto/NFT platforms. Having strangers or thieves poking around these apps and being able to check through various other personal documents, communications and data is highly undesirable. However, if your phone has weak security, then all this sensitive information and even your savings might be easy for a malicious actor to grab.
Let us look at the list of phones consumer magazine Which? found to offer very little security via their FRT implementations. From the 48 modern devices tested by the periodical, the following 19 (40%) were duped by a simple 2D printed photo:
- Honor 70
- Motorola Razr 2022, Motorola Moto E13, Motorola Moto G13, Motorola Moto G23
- Nokia G60 5G, Nokia X30 5G
- Oppo A57, Oppo A57s
- Samsung Galaxy A23 5G, Samsung Galaxy M53 5G
- Vivo Y76 5G
- Xiaomi POCO M5, Xiaomi POCO M5s, Xiaomi POCO X5 Pro, Xiaomi 12T, Xiaomi 12T Pro, Xiaomi 12 Lite, Xiaomi 13
Which? Tech Editor, Lisa Barber, was quite perturbed by the research findings. “It’s unacceptable that brands are selling phones that can easily be duped using a 2D photo, particularly if they are not making their customers aware of this vulnerability,” she said. “Our findings have really worrying implications for people’s security and susceptibility to scams.” Meanwhile, Which? has removed any affected phones off its best buy and value recommendations lists.
The source publication laments the fact that so many Android phones fall flat to simple 2D spoofing. For perspective, it must be pointed out to any current or potential iOS device user, that Apple’s FRT implementation dubbed ‘Face ID’ is a robust standard which even offers 3D anti-spoofing, and can’t be bypassed by photos, videos, or even sophisticated 3D head models of the user. This is why some banking apps restrict FRT identity verification to Apple users, explains Which?