Improved facial recognition on phones still not 100% secure, say experts

Improved facial recognition on phones still not 100% secure, say experts
A man using a smartphone. Credit: Unsplash

Twins unlocking each other's mobile phones, a daughter who is recognised as her mother… These are just a few of the cases where facial recognition on smartphones has failed to distinguish between family members. So, how safe or unsafe is the technology?

Unlocking the phone with a single glance instead of yet another numeric code, a fingerprint or pattern that fails in rainy weather was the choice Anabel went with when deciding on the security measure for her phone. However, the Belgian mother recently found out that her 17-year-old daughter could unlock her mobile phone without any problems using the facial recognition option.

"Suddenly she shouted, 'Hey mom, I can open your phone!' It's a bit strange to know that she can go to all my emails and bank accounts, but I am not really worried,” Anabel told RTBF. “I think it's actually quite funny. We are 31 years apart and don't even look that alike."

Apple's Face ID technology was announced in 2017 as a major breakthrough in facial recognition. Through the combination of infrared light and a so-called dot projector, iPhones make a lightning-fast 3D scan of 30,000 infrared dots on your face. In addition, the system gets a little smarter every time you use it and recognises daily changes on your face, such as beard growth or pimples.

False positives

Nevertheless, soon after the launch came numerous testimonials similar to Anabel’s. According to Apple, there is a one-in-a-million chance that a random person can unlock your iPhone or iPad. But there are exceptions: with twins or family members who look alike, the iPhone sometimes gets it wrong.

"There is certainly a chance of false positives," said cybersecurity expert Cees de Laat of the University of Amsterdam. The professor experienced this himself: to test Apple Photos facial recognition, he uploaded photos of his one-year-old self and then of his son and grandson at the same age. The system recognised the three as one and the same person.

The technology is therefore not yet foolproof, although rapid progress is being made. Until the introduction of Face ID, facial recognition usually worked on the basis of a simple 2D scan of your face. That technique soon turned out to be easy to deceive by holding a photo of the owner in front of the camera. In 2019, the Dutch Consumers' Association showed that in 26 of the 60 most-sold smartphones, facial recognition was easy to fool with a simple passport photo.

Related News

"Since then, facial recognition in smartphones has evolved significantly," said cryptographer Bart Preneel at KU Leuven. "Certainly the more expensive models of different brands today have excellent facial recognition, which also looks at the movements of your face. Although of course there remains a margin of error, as indeed with family members who look like you."

While simple photos are no longer enough to fool the most advanced smartphones, criminals can still do so with 3D masks of your face. For example, in a 2018 investigation, Forbes journalist Thomas Brewster was able to unlock four of the five phones he tested with a 3D print of his face.

Facial recognition is therefore not yet 100% safe. But neither are the other security methods. A four- or five-digit PIN, the traditional security method, cannot simply be guessed by good luck. However, there is a risk that hackers will crack your PIN code with cracking software.

Ease of use

Another option is a security pattern, a zigzagging line that you draw between nine points. It offers a lot of possibilities in itself, but can just as easily be cracked or simply seen by a criminal looking over your shoulder.

What about the finger sensor? For a number of years now, that option has also been available on many smartphones. This in itself offers more security in the event of theft than a PIN or security pattern, although there is a possibility that your fingerprints could be forged.

"Nothing is as secure as a complex password," said Preneel. "But of course, people also want the ease of use. Nobody likes to enter such a long code every time you want to unlock your mobile phone. Hence, security options based on biometric data, such as facial recognition or fingerprint, are preferred by many people. Both technologies will only get better in the coming years."

Copyright © 2024 The Brussels Times. All Rights Reserved.