
We Broke into a Bunch of Android Phones with a 3D-Printed Head - crunchiebones
https://www.forbes.com/sites/thomasbrewster/2018/12/13/we-broke-into-a-bunch-of-android-phones-with-a-3d-printed-head/#73b70be91330
======
bsenftner
FR is one biometric. One biometric can be spoofed, as this article shows. For
authentication of anything desiring security, such as financial transactions,
it is recommended to have at minimum 3 biometrics. Considering a phone can
perform financial transactions and is often a storage place for passwords, 3
biometrics should be required to unlock a phone. The iPhone's 3D FR is closer
to 1.5 biometrics, and with added software analyzing successive video and 3D
sensor "frames" it could become a full 2 biometrics - but one should still
have a 3rd, such as fingerprint or passcode for financial authentications. But
at that level, why have FR at all?

In time, within a year, publicly available FR systems will have "spoof
detection" suites. The FR software I work on does, but this is just the
beginning. Non-living 3D objects, such as that 3D printed head, fail under
motion analysis because it lacks the momentary flush of a human pulse, and
likewise that can be used to detect prosthetics on a face. Additionally, it is
too rigid, faces undergo constant subtle deformation - the lack of that is
also a spoof detection method.

