SMARTPHONES by the likes of Samsung, Nokia and Motorola can be fooled into unlocking simply by holding up a photo of the owner, a Which? investigation claims.
Seven major brands were found to have weak face ID tech which millions use to protect their phones and payment apps.
2
The consumer champion tested 48 devices and found 19 of them were easily duped.
Photos used weren’t even high quality – just bog-standard print outs on paper.
Of those tested, Xiaomi was found to have the most that failed, totalling seven phones.
Motorola had four, while Nokia, Oppo and Samsung each had two.
Honor and Vivo had one.
All the Apple iPhones Which? tested passed the spoofing tests.
The consumer rights group is now urging anyone who owns one of the affected handsets to switch off face recognition now and use a fingerprint sensor or PIN instead.
“It’s unacceptable that brands are selling phones that can easily be duped using a 2D photo, particularly if they are not making their customers aware of this vulnerability,” said Lisa Barber, Which? Tech Editor.
Most read in Phones & Gadgets
“Our findings have really worrying implications for people’s security and susceptibility to scams.”
The affected handsets are:
- Honor 70
- Motorola Razr 2022, Motorola Moto E13, Motorola Moto G13, Motorola Moto G23
- Nokia G60 5G, Nokia X30 5G
- Oppo A57, Oppo A57s
- Samsung Galaxy A23 5G, Samsung Galaxy M53 5G
- Vivo Y76 5G
- Xiaomi POCO M5, Xiaomi POCO M5s, Xiaomi POCO X5 Pro, Xiaomi 12T, Xiaomi 12T Pro, Xiaomi 12 Lite, Xiaomi 13
Which? notes that users in the UK can make contactless payments with Google Wallet up to £45 without needing to unlock the phone using face verification.
Google said that for higher value transactions, users must use a more secure Class 3 biometric unlock.
This should mean that people using the models that Which? was able to spoof are not able to complete transactions over £45 if face recognition is being used to unlock the phone.
Samsung responded that it provides various levels of biometric authentication, with the highest level of authentication from the fingerprint reader.
Nokia confirmed its affected phones have facial recognition software that do not have privileges in third party apps, and they tell customers that the phone can be unlocked by someone who looks a lot like them.
In its own testing with printed pictures, it did not register any issues.
Vivo said that it tells customers during the phone’s set up process that face recognition is less secure than other locks they offer – and that they have to review and agree to the noted Privacy Terms before setting up the 2D facial recognition system.
A spokesperson for Honor said that the Honor 70 and all its other smartphones offering this solution are usually complemented with Fingerprint technology that is typically far more secure.
“Ultimately, we leave the choice to the consumer to use the secure option they prefer,” they said.
Motorola, Oppo and Xiaomi did not respond to Which? with comment.
2
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk
