In recent years mobile and app unlocking technologies have progressed from password and screen swipes to fingerprint and most recently face scans. Hackers have followed along, attempting to defeat each new security measure with often novel schemes. In 2017 a Vietnamese company cracked the Apple iPhone X’s Face ID using homemade masks constructed of 3D-printed plastic, silicone, makeup and cutouts; while identical twin siblings have also managed to dupe such facial recognition systems. These methods however lack practicality, as constructing the masks was complicated and not everyone has a twin brother or sister.

Everyone, however, sleeps. And Synced has found a simple way to challenge cutting-edge facial recognition security scans: just point a camera at the unaware subject while they are sleeping.

In an experiment conducted by Synced, 13 individuals and 12 flagship smartphones were tested to see whether mobile payment platforms WeChat and Alipay could be accessed by scanning users’ faces with their eyes closed.

Facial recognition technology is becoming mainstream in China, and has been widely adopted for mobile payment systems, where the country is a global leader. Synced’s aim was not to downgrade tech giants’ efforts with cutting-edge AI technologies, but to open a discussion on a potential vulnerability — accounts could be accessed by exploiting a user who is asleep, drunk, drugged, etc. — in order to help prevent potential abuse. We found: