Since launching on the iPhone X back in 2017, facial recognition has become a staple feature in most smartphones.
But while the technology is undeniably handy, it could land you in hot water if you have a smartphone from Honor, Motorola, Nokia, Oppo, Samsung, Vivo, or Xiaomi.
Experts from Which? have warned that 19 phones from these popular brands have facial recognition systems that can easily be fooled by 2D photos.
Lisa Barber, Tech Editor at Which?, said: ‘It’s unacceptable that brands are selling phones that can easily be duped using a 2D photo, particularly if they are not making their customers aware of this vulnerability.
‘Our findings have really worrying implications for people’s security and susceptibility to scams.’
Since launching on the iPhone X back in 2017, facial recognition has become a staple feature in most smartphones. But while the technology is undeniably handy, it could land you in hot water if you have a smartphone from Honor, Motorola, Nokia, Oppo, Samsung, Vivo, or Xiaomi (stock image)
Which phones are affected?
- Honor 70
- Motorola Razr 2022, Motorola Moto E13, Motorola Moto G13, Motorola Moto G23
- Nokia G60 5G, Nokia X30 5G
- Oppo A57, Oppo A57s
- Samsung Galaxy A23 5G, Samsung Galaxy M53 5G
- Vivo Y76 5G
- Xiaomi POCO M5, Xiaomi POCO M5s, Xiaomi POCO X5 Pro, Xiaomi 12T, Xiaomi 12T Pro, Xiaomi 12 Lite, Xiaomi 13
For their study, Which? sent 48 smartphones to the lab for testing.
Worryingly, 40 per cent (19) of the devices tested were easily spoofed with a 2D photo that was ‘not even particularly high resolution’ and had been printed on a standard office printer.
Chinese phone brand, Xiaomi, was found to have seven phones that could be exploited, while Motorola had four, Nokia, Oppo and Samsung had two each and Honor and Vivo had one each.
Most of the faulty phones were at the cheaper end of the market, including the Motorola Moto E13, which retails for £89.99, and the Nokia G60 5G, which costs £249.99.
However, the issue also affected several expensive handsets, including the Motorola Razr 2022, which costs £949.99, and the Xiaomi 13, which is priced at £849.
iPhone users can rest easy for now though, as all the Apple phones tested by Which? passed the spoofing tests with flying colours.
The findings raise concerns about the huge amount of sensitive information scammers could access with just a 2D photo.
The issue affects several expensive handsets, including the Motorola Razr 2022 (pictured), which costs £949.99, and the Xiaomi 13, which is priced at £849.
Chinese phone brand, Xiaomi, was found to have seven phones that could be exploited, while Motorola had four, Nokia, Oppo and Samsung had two each and Honor and Vivo had one each
Which? highlights that the Google Wallet app is available on all the affected phones and provides access to bank cards registered on the device.
In the UK, users can make contactless payments with Google Wallet up to £45 without needing to unlock the phone, while beyond that, more secure biometrics are required.
If you have one of the affected phones, Which? recommends using a different biometric to secure your device.
‘We would strongly advise anyone using these phones to turn off face recognition and use the fingerprint sensor, a strong password or long PIN instead,’ Ms Barber advised.
Based on the findings, Which? is calling on manufacturers to improve the security of their facial recognition systems.
‘This needs to be a wake up call for manufacturers – they need to step up and improve the security of their biometric systems against spoofing,’ Ms Barber added.
In response to the study, Nokia highlighted that it tells customers that the phone can be unlocked by someone who looks a lot like them, while Samsung said that its fingerprint reader is its highest level of authentication.
Meanwhile Vivo said that it tells customers during the phone’s set-up that facial recognition is less secure than other locks they offer.
Honor, Motorola, Oppo and Xiaomi did not respond to Which?’s request for comment.
What to do if your device is affected
- Turn off facial recognition and use the fingerprint sensor, or a password or PIN instead.
- Long PINS, at least six digits, are generally more secure and if you can set up a password, use different characters so it’s harder to guess.
- Set up protections on your apps that contain sensitive information too – this could involve logging out when you’re not using them, or setting up passwords or biometric locks.
- Set up a second lock on your Google Wallet app. This can be a PIN, pattern, password, logged fingerprint or Iris scan, depending on what your phone offers.