There’s a new method hackers can use to break into someone’s smartphone: create a life-size 3D-printed replica of the owner’s head.
To show how the method can work, Forbes reporter Thomas Brewster had a 3D print of his own head created at Backface in Birmingham, U.K. He then used his real-life head to set up facial recognition on five phones, including the iPhone X and four Android devices: an LG G7 ThinQ, a Samsung S9, a Samsung Note 8 and a OnePlus 6.
“I then held up my fake head to the devices to see if the device would unlock. For all four Android phones, the spoof face was able to open the phone, though with differing degrees of ease. The iPhone X was the only one to never be fooled,” he wrote.
While creating the 3D head might seem like a hard task, the entire process only took a few days and cost just over £300.
And it’s not just hackers who can use the method to their advantage. Since biometrics isn’t protected under the Fifth Amendment, law enforcement can potentially use 3D printing to legally gain access to your phone.
“Legally, it’s no different from using fingerprints to unlock a device,” Orin Kerr, professor at USC Gould School of Law, said via email, according to TechCrunch. “The government needs to get the biometric unlocking information somehow,” by either the finger pattern shape or the head shape.
So what is the best way to protect a smartphone? Matt Lewis, research director at cybersecurity contractor NCC Group, suggests using a strong alphanumeric passcode.
“Focus on the secret aspect, which is the PIN and the password,” he said. “The reality with any biometrics is that they can be copied. Anyone with enough time, resources and objective will invest to try and spoof these biometrics.”