Since its launch on the iPhone X in 2017, facial recognition has become an important feature on most smartphones.
But while the technology is undeniably useful, if you own a smartphone from Honor, Motorola, Nokia, Oppo, Samsung, Vivo, or Xiaomi, it could land you in hot water.
Experts at Which? have warned that 19 phones from these popular brands have facial recognition systems that can be easily tricked by 2D photos.
Lisa Barber, technical editor at Which?, said: “It is unacceptable for brands to sell phones that can be easily tricked using a 2D photo, especially if they fail to notify their customers of this vulnerability.
“Our findings have really troubling implications for people’s safety and their susceptibility to being scammed.”
Which phones are affected?
- Honor 70
- Motorola Razr 2022, Motorola Moto E13, Motorola Moto G13, Motorola Moto G23
- Nokia G60 5G, Nokia X30 5G
- Oppo A57, Oppo A57s
- Samsung Galaxy A23 5G, Samsung Galaxy M53 5G
- Vivo Y76 5G
- Xiaomi POCO M5, Xiaomi POCO M5s, Xiaomi POCO X5 Pro, Xiaomi 12T, Xiaomi 12T Pro, Xiaomi 12 Lite, Xiaomi 13
For its study, Which? sent 48 smartphones to the lab for testing.
Disturbingly, 40 percent (19) of the tested devices could easily be spoofed with a 2D photo that was “not even a particularly high resolution” and printed on a standard office printer.
Chinese phone brand Xiaomi was found to have seven phones that could be spoofed, while Motorola had four, Nokia, Oppo and Samsung had two each, and Honor and Vivo had one each.
Most of the faulty phones were on the cheaper end of the market, including the Motorola Moto E13, which retails for £89.99, and the Nokia G60 5G, which costs £249.99.
However, the problem also affected several expensive handsets, including the Motorola Razr 2022, which costs £949.99, and the Xiaomi 13, which costs £849.
However, iPhone users can rest easy for now, as all Apple phones tested by Which? passed the spoofing tests with flying colors.
The findings raise concerns about the vast amount of sensitive information that scammers can access with just a 2D photo.
Which? emphasizes that the Google Wallet app is available on all affected phones and provides access to bank cards registered on the device.
In the UK, users can make contactless payments using Google Wallet for up to £45 without unlocking the phone, while more secure biometrics are required beyond that.
If you have one of the affected phones, Which? recommends using a different biometric to secure your device.
“We strongly recommend that anyone using these phones disable facial recognition and use the fingerprint sensor, a strong password or a long PIN instead,” Ms Barber advised.
Based on the findings, Which? is calling on manufacturers to improve the security of their facial recognition systems.
“This should be a wake-up call for manufacturers – they need to step up and improve the security of their biometric systems against spoofing,” Ms Barber added.
In response to the investigation, Nokia stressed that it tells customers the phone can be unlocked by someone who looks a lot like them, while Samsung said the fingerprint reader is the highest level of authentication.
Meanwhile, Vivo said it tells customers during phone setup that facial recognition is less secure than other locks they offer.
Honor, Motorola, Oppo and Xiaomi did not respond to Which?’s request for comment.
What to do if your device is affected
- Disable facial recognition and use the fingerprint sensor or a password or PIN instead.
- Long PINs, at least six digits, are generally more secure, and if you can set a password, use several characters to make it harder to guess.
- Set up protections for your apps that also contain sensitive information – this could include logging out when not in use, or setting up passwords or biometric locks.
- Set up a second lock on your Google Wallet app. This can be a PIN, pattern, password, registered fingerprint or iris scan, depending on what your phone offers.