How Tsinghua Researchers Unlocked 19 Chinese Smartphones in 15 Minutes Using Face‑Recognition Flaws

Researchers from Tsinghua University's RealAI team discovered a critical flaw in facial recognition systems that allowed them to unlock 19 Chinese smartphones in just 15 minutes. They selected 20 phones (one foreign, 19 domestic) covering a range of price points and brands.

Step 1

All 19 domestic phones were configured to recognize the same face – the “Person 1” used in the experiment.

Step 2

A colleague presented each phone to the system, which instantly unlocked the device using facial recognition.

Step 3

The researchers printed the target face (especially the eye region) and placed it on a pair of glasses. When the glasses were worn, the phones were unlocked in seconds.

The result was that every tested device, from low‑end models to premium phones priced over 4,000 CNY, was opened within seconds, granting full access to photos, videos, apps, and even mobile banking functions.

The team noted that similar attacks in international hacking competitions often require multiple attempts and fail, yet their method succeeded effortlessly.

Further testing with various users and phones confirmed that the vulnerability was consistent across devices, leading to immediate, unrestricted unlocking.

The researchers warned that current facial recognition technology is far from reliable, citing both technical immaturity and insufficient attention from providers and users.

They also highlighted real‑world incidents, such as a home‑buyer being denied a 2% discount after a facial‑recognition system recorded a prior visit, resulting in a loss of nearly 200,000 CNY.

Additional examples include pervasive surveillance cameras in malls, restaurants, and public spaces that capture facial data without consent, raising serious privacy concerns.

While facial recognition offers convenience in scenarios like high‑speed rail boarding and payment, its widespread misuse and the ease of bypassing it— even with masks or glasses—pose significant security threats.

The article concludes that unchecked deployment of facial‑recognition technology could lead to severe privacy violations and urges immediate regulatory action.