Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday May 24 2023, @04:19PM   Printer-friendly

Someone who looks a lot like you could also unlock it, says Which?

Samsung, Oppo and Nokia are among a range of Android phone makers with facial recognition scanning tech that can be "easily duped" by a printed 2D photo, according to tests undertaken by campaign group Which?

Resident techies that put a range of phones and brands through their paces (see box below) said the findings were of concern as biometric tech is often billed as one of the most secure ways to unlock a handset.

Of the 48 phones Which? sent to labs for testing, 19 could be spoofed with photos and "worryingly" these were "not even particularly high resolution and were printed on a standard office printer on normal, rather than photo, paper."

The vast majority of the phones that failed the simple biometric test were, unsurprisingly, low to mid-range in price, though Which? claimed there were exceptions, including the Xiaomi 13 and the Motorola Razr.

Of the phones that Which? reckons could be fooled, seven were made by Xiaomi, four came from Motorola, while two came from each of Nokia, Oppo and Samsung. One model made by Honor and another by Vivo was also found to be exploitable.

Under Android's requirements, phone makers must ensure devices and software are "Android compatible," which includes how often device security can be spoofed. Class 3 systems must not be duped more than 7 percent of the time, and Class 1 system are least secure, with a spot rate of 20 percent of the time to more.

Which? voiced worries that scammers could exploit the weakness to – for example – access Google Wallet to make payments to a limited value (£45 in the UK, about $56) without needing to unlock their phone. For larger transactions, Google asks users to use a Class 3 biometric lock, Which? said.


Original Submission

 
This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by JoeMerchant on Wednesday May 24 2023, @06:38PM

    by JoeMerchant (3937) on Wednesday May 24 2023, @06:38PM (#1307985)

    Fingerprints are NOT unique. Especially not in a world of 80 billion human fingers.

    Facial recognition tech is NOT anywhere near foolproof. Is it better than a minimum wage security guard trained against a 10 most wanted list? Hell yeah, but... even that security guard is a little harder to scam with stuff like fuzzy Polaroids than state of the art AI.

    The facial recognition and fingerprint reading tech in your phone is FAR from state of the art. It's convenience, and in some ways it's better than passwords, pins, swipe patterns and all that because it's harder to look over your shoulder and duplicate. Well, maybe. I believe a friend and I tested their iPhone years back by taking a picture of them with my phone, then holding that picture up to the iPhone camera and, yep, it let me in.

    Any suggestions of winks, blinks, nods, or middle finger salutes are similarly easily captured from far across an airport lounge using a telephoto mirror lens that you're unlikely to notice trained on your face while you go through your login dance for all to see.

    Copying fingerprints is well worn in Hollywood hacker plot points, but the truth is: the scanner is only looking for a few select features and while it might not let you in with greasy fingers, law enforcement can probably swipe various common print patterns across your seized phone's sensor with a non-zero chance of being let in. "Honest your Honor, the phone was unlocked when they handed it to me. What? Body cam footage, um, no, I'm afraid there was a technical schnarvenfuffle with that sequence, it's not available."

    --
    🌻🌻 [google.com]
    Starting Score:    1  point
    Moderation   +1  
       Troll=1, Insightful=2, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3