After testing 110 smartphones from multiple vendors, the Dutch Consumentenbond not-for-profit organization concluded that the face unlock feature in 42 of them can be circumvented using a high-quality portrait photo of the owner.

Therefore, 38% of all the devices they tested would allow malicious third parties to immediately unlock phones that only use facial recognition as a locking mechanism and to gain access to all the data contained within, from photos to sensitive banking and personal data.

Face unlock promoted by phone makers although still not 100% secure

This is quite worrying when considering that most smartphone makers are promoting the face unlock feature as the next step in securing one's data, highlighting it as the option to use over the classic unlock pattern and pin code.

During their tests, the Consumentenbond examined the capabilities of the face unlock feature available in smartphones from Samsung, Apple, Nokia, Huawei, OnePlus, Oppo, Sony, BlackBerry, Motorola, Xiaomi, LG, Lenovo, HTC, Asus, Alcatel, and a few other manufacturers.

Out of all 110 phones, the 42 that were unlocked with a simple photo are listed below.

Alcatel 1X

Asus Zenfone 5 Lite 64 GB

Asus Zenfone 5, ZE620KL (64 GB)

BlackBerry Key2

BlackBerry Key2 (US version)

BQ Aquaris X2

BQ Aquaris X2 Pro

General Mobile GM8

HTC U11 +

Huawei P20 (EML - L29)

Huawei P20 Lite

Huawei P20 Pro (CLT - L29)

Lenovo Motorola Moto E5

Lenovo Motorola Moto E5 (BR version)

Lenovo Motorola Moto E5 Plus (BR version)

Lenovo Motorola Moto G6 Play

LG K9 (LM-X210EMW)

LG Q6 Alpha (LG-M700n)

Motorola Moto G6 Play (BR version)

Motorola One

Nokia 3.1

Nokia 3.1 (US version)

Nokia 7.1

Oukitel VU

Samsung Galaxy A7 (2018)

Samsung Galaxy A8 (32GB) (SM-A530F / DS

Samsung Galaxy A8 (64 GB)

Samsung Galaxy A8 + (SM-A730F)

Samsung Galaxy J8 Brasil

Sony Xperia L2 (H3311)

Sony Xperia L2 (H3321)

Sony Xperia XZ2 (H8216)

Sony Xperia XZ2 (US version)

Sony Xperia XZ2 Compact (H8314)

Sony Xperia XZ2 Compact (US version)

Sony Xperia XZ2 Compact Dual SIM (H8324)

Sony Xperia XZ2 Dual SIM (H8266)

Sony Xperia XZ2 Premium (US version)

Sony Xperia XZ3

Vodafone Smart N9

Xiaomi Mi A2

Xiaomi Mi A2 (32GB)



The latest smartphone models passed the test

As Consumentenbond said in their analysis, "With these devices it is better to set only a locking code or another form of biometric security (or a combination of both)."

Samsung's Galaxy S9, S9 + and Note 9, Huawei's Mate 20 and Mate 20 Pro, as well as Apple's iPhone XS, XS Max and XR are some of the phones that did not fall for the photo unlocking trick which seems to indicate that the latest generation of smartphones fair a lot better than older models.

This is not the first time reports have surfaced about facial recognition used by smartphones and personal computers being easily bypassed using a photo, but it is clearly the most comprehensive series of tests yet.

Via The Register