0
A Dutch non-profit has tested 110 smartphone models and found that the facial recognition feature used for locking devices doesn’t work as intended on 42 phones.
The study, carried by Consumentenbond and its international partners, found that holding up a photo of the phone’s owner is enough to unlock 42 of the tested smartphones.
Any photo will do, such as ones obtained from social media, CCTV footage, or other means.
The results of this study are worrisome. Using a printed photo of the owner’s face is the first test that regular users, pen-testers, and attackers alike would use to break into a facial ID-protected smartphone before they move to try more complex attacks that involve creating masks or 3D printed heads of the phone’s owner.
Any facial recognition system that fails “the photo test” is usually considered useless.
According to Consumentenbond, models from Asus, BlackBerry, Huawei, Lenovo, LG, Nokia, Samsung, Sony, and Xiaomi failed such tests.
Apple devices, known for their strong facial recognition feature, survived the tests with their reputation intact, as expected.
The full list of 42 smartphone models that failed the photo test is below:
- Alcatel 1XAsus Zenfone 5 Lite 64 GBAsus Zenfone 5, ZE620KL (64 GB)BlackBerry Key2BlackBerry Key2 (US version)BQ Aquaris X2BQ Aquaris X2 ProGeneral Mobile GM8HTC U11+Huawei P20 (EML – L29)Huawei P20 LiteHuawei P20 Pro (CLT – L29)Lenovo Motorola Moto E5Lenovo Motorola Moto E5 (BR version)Lenovo Motorola Moto E5 Plus (BR version)Lenovo Motorola Moto G6 PlayLG K9 (LM-X210EMW)LG Q6 Alpha (LG-M700n)Motorola Moto G6 Play (BR version)Motorola OneNokia 3.1Nokia 3.1 (US version)Nokia 7.1Oukitel VUSamsung Galaxy A7 (2018)Samsung Galaxy A8 (32GB) (SM-A530F/DSSamsung Galaxy A8 (64 GB)Samsung Galaxy A8+ (SM-A730F)Samsung Galaxy J8 BrasilSony Xperia L2 (H3311)Sony Xperia L2 (H3321)Sony Xperia XZ2 (H8216)Sony Xperia XZ2 (US version)Sony Xperia XZ2 Compact (H8314)Sony Xperia XZ2 Compact (US version)Sony Xperia XZ2 Compact Dual SIM (H8324)Sony Xperia XZ2 Dual SIM (H8266)Sony Xperia XZ2 Premium (US version)Sony Xperia XZ3Vodafone Smart N9Xiaomi Mi A2Xiaomi Mi A2 (32GB)
The following six devices also failed the photo test, but their facial recognition system also featured a “strict” mode that when enabled did not fail the same test again.
- Honor 7ALG G7 thinQLG G7 thinQ (US version)LG G7 thinQ Dual SIMLG V35 ThinQ (US version)LG V40 ThinQ
The list of devices that successfully passed the photo test includes:
- Alcatel 3V (5099D)Alcatel 5Apple iPhone XR (128 GB)Apple iPhone XR (256 GB)Apple iPhone XR (64 GB)Apple iPhone XS (256GB)Apple iPhone XS (512GB)Apple iPhone XS (64GB)Apple iPhone XS Max (256GB)Apple iPhone XS Max (512GB)Apple iPhone XS Max (64GB)Asus Zenfone Max Plus (ZB570TL)Honor 10Honor 7CHonor 8XHonor View 10HTC U12+ (EU version)HTC U12+ (US version)Huawei P Smart+Huawei Y6 (2018) (ATU-L21)Huawei Y7 (2018)Huawei Mate 20Huawei Mate 20 LiteHuawei Mate 20 ProLenovo Motorola Moto G6 (32GB)Lenovo Motorola Moto G6 (64GB)Lenovo Motorola Moto G6 (US version)Lenovo Motorola Moto G6 PlusLenovo Motorola Moto Z3 .US versionLenovo Motorola Moto Z3 PlayLenovo Motorola Moto Z3 Play .US versionMotorola Moto G6 (BR version)Motorola Moto G6 Plus (BR version)One Plus 5TOnePlus 6 (128GB)OnePlus 6 (256GB)OnePlus 6 (64GB)OnePlus 6 (US version) (64 GB)Oppo Find XSamsung Galaxy A6 (32GB)Samsung Galaxy A6+ (32GB)Samsung Galaxy A6+ (64 GB)Samsung Galaxy A9 (2018)Samsung Galaxy J6 (2018)Samsung Galaxy Note 9 (128 GB) (EU version)Samsung Galaxy Note 9 (128 GB) Dual SIM (BR version)Samsung Galaxy Note 9 (128 GB) Single SIM (EU version)Samsung Galaxy Note 9 SM-N960U1 (US version)Samsung Galaxy S9 (SM-G960F/DS)Samsung Galaxy S9 SM-G960U1 (US model)Samsung Galaxy S9 256GBSamsung Galaxy S9 dual (128GB)Samsung Galaxy S9+ (SM-G965F/DS)Samsung Galaxy S9+ 256GBSamsung Galaxy S9+ dual (128GB)Samsung Galaxy S9+ Single SIMSamsung Galaxy S9+ SM-G965U1 (US model)WIKO View 2
More security coverage:
Ransomware suspected in cyberattack that crippled major US newspapersSecurity researcher cracks Google’s Widevine DRM (L3 only)EU to fund bug bounty programs for 14 open source projects starting January 2019City of LA sues Weather Channel app for sharing location data with advertisersMost home routers don’t take advantage of Linux’s improved security featuresMarriott says less than 383 million guests impacted by breach, not 500 millionWhy router-based attacks could be the next big trend in cybersecurity TechRepublic
Security researchers find flaws in chips used in hospitals, factories and stores CNET
Related Topics:
Mobility
Security TV
Data Management
CXO
Data Centers
0