OnePlus 6 face unlock fooled by a printed photo (Update)
The OnePlus 5T was the company's first phone to support a face unlock feature, but since it lacked the means for depth sensing and 3D face mapping, many people were wondering if the phone just recognized its supposed owner from a glorified "selfie". Well, it turned out that OnePlus was wiser than that and actually employed their own custom solution, developed by a Chinese security company called SenseTime, that has a sizeable background in facial recognition.
The secureness of the feature was called into question numerous times—even here, at the office, where yours truly was able to enroll a face from a printed photo, though not actually unlock the device—but it was really quick and did a commendable job. That's why, we weren't surprised to hear that face unlock would be making a return on the OnePlus 6. What we were surprised by, however, is how easy it apparently is to fool the face unlock system on OnePlus's latest phone.
I printed my face to unlock my OnePlus 6 for the lulz... it worked ¯\_(ツ)_/¯ pic.twitter.com/rAVMq8JKBr— rik (@rikvduijn) May 29, 2018
Twitter user @rikvduijn yesterday posted a video of the OnePlus 6 being unlocked with a paper cutout of his face. Worst of all? The method apparently works with a black and white photo as well.
In the video, you can see one of Rik's friends holding a photo of his face—just a selfie, judging by the wide-angle appearance of the image—and showing it to the OnePlus 6, which almost immediately (and terrifyingly) grants him access to the OS.
We have reached out to OnePlus for a comment and will update if and when we receive a response.
Update: OnePlus has provided us with the following statement:
"We designed Face Unlock around convenience, and while we took corresponding measures to optimise its security we always recommended you use a password/PIN/fingerprint for security. For this reason Face Unlock is not enabled for any secure apps such as banking or payments. We’re constantly working to improve all of our technology, including Face Unlock."
source: @rikvduijn via Reddit
Things that are NOT allowed: