OnePlus' Face Unlock feature is one of the fastest facial-recognition functions in the smartphone industry. However, as a user demonstrated this week, it's far from the most secure.
Rik van Duijn, a Dutch security researcher, demonstrated on Twitter earlier this week that the OnePlus 6 could easily be fooled with a paper cutout of the owner's face. The 16-second clip shows a friend of Van Duijn's holding up a printed color version of Van Duijn's face and breaking into Van Duijn's phone, while subsequent tweets claim that the workaround is effective even with a black-and-white cutout.
In the past, OnePlus has said its system relies on 100 unique facial identifiers, like the distance between the user's eyes. However, unlike the iPhone X's much-vaunted Face ID system, none of OnePlus' phones include a depth sensor. They conduct facial recognition entirely through the front-facing camera — meaning they can easily be spoofed by a 2D image.
In fairness to OnePlus, all phones that employ some variation of facial recognition operate this way (except for the iPhone X). This is why none of the Android phones, from the Galaxy S9 to the Huawei Mate 10 Pro, allow users to employ Face Unlock to authenticate payments. They're just not secure enough, because they don't operate on a constructed 3D model of the user's face.
Interestingly though, many users who have tried to spoof their OnePlus phones in the responses to Van Duijn's tweet aren't finding the same success. Last year, Forbes' Ben Sin tried to pull off the printed-face trick, using everything from life-size cutouts to an iPad, but couldn't get his OnePlus 5T to fall for it.
It's hardly surprising that phones like the OnePlus 6 can be duped with photographs, but it is an important reminder about the dangers of overly convenient forms of authentication.
If you're at all concerned about somebody getting into your device, it's probably best to avoid Face Unlock at all costs, especially if it relies on 2D scans and not elaborate 3D depth-maps. As a rule of thumb, these faster, more convenient solutions are typically only so precisely because they're easier to fool.
Credit: Shaun Lucas/Tom's Guide