OnePlus first introduced the Face Unlock feature on last year’s OnePlus 5T. The phone lacked depth sensing and 3D face mapping so OnePlus utilized a custom solution developed by a Chinese security company called SenseTime which has a pedigree in facial recognition.
The OnePlus 5T’s Face Unlock feature was discovered to be unsecure as it was discovered to lack the ability to differentiate a real face from a printed photo despite being capable of unlocking the device in record time. Some users were able to register a face from a printed photo but not actually unlock the device. The feature was thus included on the OnePlus 6 and it seems the flaw still lingers and is even worse.
I printed my face to unlock my OnePlus 6 for the lulz… it worked ¯_(ツ)_/¯ pic.twitter.com/rAVMq8JKBr
— rik (@rikvduijn) May 29, 2018
A Twitter user @rikvduijn posted a video on Tuesday which showed the OnePlus 6 being unlocked with a paper cutout of his face. Interestingly, the method apparently works with a black and white photo as well. The video captures one of the user’s friends holding a photo of his face and showing it to the OnePlus 6. This instantly granted the user access to the OS, meaning the Face Unlock feature can be fooled.
OnePlus is quick to respond to this flaw and the response is really not different from what we know about Face Unlock. The statement released by the company stated thus; “We designed Face Unlock around convenience, and while we took corresponding measures to optimise its security we always recommended you use a password/PIN/fingerprint for security. For this reason, Face Unlock is not enabled for any secure apps such as banking or payments. We’re constantly working to improve all of our technology, including Face Unlock.”