OnePlus 6 just launched globally, but it looks like its Face Unlock feature might not be so secure. A user on Twitter has shown how the Face Unlock can be easily fooled by a simple photo. OnePlus in its response has said the feature is ‘designed for convenience’ and that they still recommend users rely on pin/pattern/fingerprint for extra security.
A Twitter user with the handle @rikvduijn shared a video of how his friend used a photo of ‘rik’ with the OnePlus 6, which easily unlocked. In the video, the friend is using a mask like cut-out of the user’s face, and the phone was tricked by the same. However, it has been revealed that the same problem does not appear to be true for the OnePlus 5T, where using a cut-out of someone’s face did not confuse the Face Unlock feature. Rik also posted that OnePlus had contacted him, and said they were investigating the issue.
I printed my face to unlock my OnePlus 6 for the lulz… it worked ¯_(ツ)_/¯ pic.twitter.com/rAVMq8JKBr
— rik (@rikvduijn) May 29, 2018
OnePlus in its statement said, “We designed Face Unlock around convenience, and while we took corresponding measures to optimise its security we always recommended you use a password/PIN/fingerprint for security. For this reason, Face Unlock is not enabled for any secure apps such as banking or payments. We’re constantly working to improve all of our technology, including Face Unlock.”
OnePlus’ statement hints that the Face Unlock feature might not be so secure on its own. It is unclear if the company will be issuing a bug fix for the Face Unlock feature. What is scary is that someone can unlock the device with just a large printed photo. Clearly relying on just Face Unlock for the OnePlus 6 might not be such a secure idea, till the company issues a fix.
It should be noted that biometrics in particular are never considered as entirely secure on their own. We have seen in the past how fingerprints can be cloned, iris scanners on phones can be fooled etc. Face Unlock feature might have become common on most phones, but this is still a software driven feature, which makes it not so secure. In Apple’s case, the company is relying on hardware to power Face ID on the iPhone X. This includes a TrueDepth camera, an Infrared camera, a Flood illuminator, and a Dot Projector. Apple’s Face ID uses a detailed depth map of the face to recognise the user, and it cannot be fooled by masks, even 3D masks.