3D-Printed Head Can Unlock Most Smartphones Secured by Facial Recognition Tech
Marie Donlon | December 17, 2018Securing devices like smartphones and tablets is no longer a matter of selecting an easy-to-remember password. As the devices become more and more sophisticated, so do the means by which they can be accessed, which has paved the way for securing devices with biometrics. Unfortunately, methods such as fingerprinting and facial scanning to gain access to devices come with some unanticipated flaws, according to researchers.
Passwords and codes are steadily being replaced by biometric systems involving fingerprinting, iris recognition and facial recognition technology. As such, a reporter from Forbes set out to determine if such protected devices could be accessed via creative means. With the growing capability of 3D printing, making it possible to produce anything from 3D-printed guns to prosthetics, Thomas Brewster had a 3D model of his head commissioned to see if face locking systems in particular could be unlocked with his 3D-printed likeness.
Testing the 3D-printed head on four Android devices and on an iPhone X, Brewster successfully unlocked all four of the Android devices while the iPhone X was the only device capable of thwarting such an attack.
While the idea of unlocking a device using what is essentially a dummy head seems absurd, what isn’t absurd is that the 3D-printed head can “trick” devices into revealing a user’s secrets. Such a notion has implications for privacy as this method could be used by both law enforcement and hackers alike.
Abandoning time-tested passwords and even fingerprinting in some cases to unlock devices, biometrics are not protected under the United States Constitution's Fifth Amendment, which addresses criminal procedure. This means that devices can be unlocked by law enforcement agents by forcibly “depressing” the user’s fingerprints in the space provided on the device and even holding the device up to the user’s face to unlock it via facial recognition.
This isn’t the first time that securing devices via biometrics have left devices vulnerable. Hackers managed to outsmart an iris recognition system with help from an artificial eyeball while law enforcement reportedly gained access to a deceased person’s iPhone using the corpse’s fingerprints.
Despite concerns, however, experts don’t believe that creating 3D-printed models for the purpose of unlocking devices is a practical or cost-effective use of resources for law enforcement in particular. Nevertheless, while many would happily forgo having to remember countless passwords and clunky access codes, such research gives pause as law enforcement cannot force a user to reveal his or her passwords or codes to unlock devices.