Is It Possible to Cheat Face ID With a Photo?

Is It Possible to Cheat Face ID With a Photo?

Using the camera and your own face to unlock your smartphone is very convenient. But how safe is it?

The smartphone face ID scanning system was first introduced in the iPhone X in 2017. Apple’s competitors quickly picked up on the technology and immediately introduced their Android-based smartphone models with face scan unlocking.

Bloggers, journalists and regular users, of course, immediately wondered how reliable this technology was compared to a fingerprint scanner, and whether it could be fooled. It turns out that it can, but not on all devices.

Face ID on the iPhone

Apple products are known not only for their design and convenience, but also for their unprecedented level of security. Face ID technology is no exception. The way the technology works is as follows – when the smartphone is first turned on, it asks the user to scan their face by rotating it in front of the camera axially to get a three-dimensional picture of their face. Subsequently, when unlocked, the face is compared to the template in the smartphone’s memory. The comparison uses sophisticated software based on a pre-trained neural network. 

Is Telegram really safe?

Starting with the iPhone X model, Apple has been using the TrueDepth camera. More specifically, it’s a whole complex consisting of a regular camera and an infrared camera, as well as a “dot projector,” that is, an infrared illuminator. The projector generates more than 30,000 dots on the user’s face, thus creating a three-dimensional map of the face. The neural network in this connection is responsible for synchronizing changes to the face, such as makeup, vegetation, wrinkles and scars.

Due to the use of the IR camera and depth sensors, it is impossible to fool the system by bringing up a photo or showing a 3D mask. In this case, the system checks if there is a live person in front of the camera, and does so by taking several snapshots and then comparing them. If the face is real, the snapshots, due to the movement of the facial muscles, will differ slightly in several points, which means that the face is real, not a frozen mask. 

True, in 2019, experts managed to find a weakness in the system. It turned out that if the user is wearing glasses (sunglasses or tinted), the system compares the user’s face in two dimensions. And in this case, it is possible to use a 3D mask with glasses and taped areas on the glasses that simulate eyes.

But Apple quickly enough eliminated this shortcoming, and this method no longer works
It’s not cheap to embed such sensors – hence, in part, the high price of the device. But how are the Android competitors doing?

Analog to Face ID on Android

Solutions in the middle segment from Samsung, Huawei and other companies are based on a simpler principle with the use of a selfie camera and the occasional IR illuminator installed to illuminate the face in the dark. Depth map creation is rarely used, in select flagships such as the Google Pixel. This helps keep the price of the devices quite low, but the security of such solutions is, at times, lame on both feet. 

Experiment: Can you unlock a smartphone from a sleeping person’s face?

For example, even the flagship models have repeatedly managed to fool with a simple photo printed in high resolution. It turned out that the smartphone does not analyze the depth and as a result takes the photo for a real face. The same trick can be done by holding a smartphone with a photo up to the camera. What to say about more complicated tricks with 3D masks and heads printed in 3D printers. Not for nothing do many manufacturers recommend using Face Unlock to confirm identity for financial transactions.

What is there besides Face ID?

As opposed to a face scanner, Huawei and Samsung offered iris scanners in their smartphones. Like the fingerprint, the iris pattern is unique to each person and unlike the fingerprint scanner does not suffer from problems associated with fogging and contamination of the readable surface, because the iris is securely protected from external influences.

But it turns out that in its modern form this technology is imperfect as well, and it can easily be fooled by the same mask with lenses superimposed over it.
In general, manufacturers also do not recommend completely relying on this method of unlocking a smartphone. For complete security, it is recommended to use a mixed method, using a fingerprint and face/eye scanner.

To sum it up

Android smartphones with a ToF sensor and iPhone models with Face ID will not be able to fool the face unlock system with a regular photo. For an intruder to use a 3D mask or other high-tech methods, you must be of great interest to him: for example, to be the owner of a million-dollar bank account. It is unlikely that someone will do this without a clear motivation. 

Nevertheless, experts believe that the banal fingerprint sensor provides a higher level of security. So if you do have a few million lying around, and there is a banking app on your smartphone, it’s better to use the fingerprint unlock option. 

If you’re concerned about data security, read our article on how to encrypt files on Google Drive.

About the Author

You may also like these