OnePlus 6 Face Unlock Fooled by Black-and-White Photo

“The spoofing also highlights the importance of liveness detection, which can involve a number of different methods of making sure that it’s the actual user in front of the phone.”

OnePlus’s new flagship smartphone can be unlocked with a photo of the user’s face, and it doesn’t even need to be in color, suggests a user video recently posted to Twitter. Demonstrating the low bar for access to the phone via its face unlock feature, the video shows the user’s friend successfully unlocking his OnePlus 6 device just by holding a black-and-white photo of the user’s face in front of his own. It takes a few tries, but it works.

With respect to contemporary mobile security, it’s an illuminating spoofing video on a number of counts. For one thing, it shows that 2D face scanning is very different from 3D face scanning: A big part of the reason that Apple was able to claim one-in-a-million accuracy for the identification capabilities of the iPhone X’s Face ID system is that it establishes a 3D map of the user’s face using an infrared grid. It just isn’t possible to replicate that map with a 2D photo, whereas the OnePlus 6’s 2D imaging system has fallen victim to that vulnerability.

The spoofing also highlights the importance of liveness detection, which can involve a number of different methods of making sure that it’s the actual user in front of the phone. Apple’s ID has an ‘attention aware’ feature designed to make sure that an authorized user is actually looking at the iPhone X in order to unlock it, while other approaches have involved requiring the user to blink or taking short videos to establish movement.

Finally – and this is an area where Apple is actually lacking – the OnePlus 6 spoofing points to the utility of multimodal authentication. Relying on just one mechanism is far less effective than combining them, as Samsung has done in its combination of facial and iris recognition on the Galaxy S9 smartphone. For its part, the OnePlus 6 actually has a rear-mounted fingerprint sensor, too, and OnePlus says that this feature is meant more for security while the face unlock feature is mostly for convenience. But given that the device’s facial recognition system can’t even tell when it’s being shown a black-and-white image, it is perhaps a little too convenient for most users’ comfort.

Sources: TechRadar, Android Police, Digital Trends

Sponsored Links

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi’s product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/

“The spoofing also highlights the importance of liveness detection, which can involve a number of different methods of making sure that it’s the actual user in front of the phone.”

Related News & Articles

Footer

Follow Us