Digital image can dupe Android face-based lock

Discussion in 'Android News' started by Malvado, Nov 13, 2011.

  1. Malvado
    Offline

    Malvado DF News Team/Mod Premium Member

    Joined:
    Nov 7, 2009
    Messages:
    1,991
    Likes Received:
    15
    Trophy Points:
    103
    Ratings:
    +15



    A new feature in Android 4.0 will allow you to unlock the phone using facial recognition. But if you want high security, don't rely on it.

    A video demonstration created by mobile blog SoyaCincau shows that the Face Unlock feature can be fooled by showing it a mere image of the face used to set up the locking mechanism. The video shows someone unlocking a Galaxy Nexus running Android 4.0, also known as Ice Cream Sandwich, by holding in front of the device a digital photo taken of him that is displayed on another phone.

    Per the description of the YouTube video:

    The demo is done at an event where the Galaxy Nexus, which hasn't yet been publicly released, was on display. The information under the video says the test was conducted after someone sent the blogger a tweet asking if a printed photo could fool the Face Unlock feature. There was no printed picture handy, so the demo was done with a digital image of a face taken on a Galaxy Note phone.

    A Google representative contacted by CNET said the feature is considered low security and experimental. Even the interface warns users that "Face Unlock is less secure than a pattern, PIN, or password" and that "Someone who looks similar to you could unlock your phone."

    It's also true that someone would have to plan ahead to have a photo of a target and wait for that person to leave the phone unattended to get access to a device locked with the feature. There is no question that using this low-level security feature is better than not locking the phone at all, as long as you understand the limitations.

    Given the video demo, it's unclear why a Googler would have suggested recently that using a photo would not open up a device protected with Face Unlock. Last month, Koushik Dutta, a developer of the Android after-market firmware replacement CyanogenMod, tweeted: "The face recognition unlock thing is really easily hackable. Show it a photo." In response, Tim Bray, who is on the Android team, tweeted: "Nope. Give us some credit."

    "It was safe to assume that Google wouldn't let its face-recognition technology be bypassed using a photo but this confirms it," The Next Web wrote at the time. "Good news for those who were worried about their friends hacking their smartphone by using a Facebook profile photo or something similar."

    SOURCE: Face Unlock Tricked: Man Unlocks Galaxy Nexus Using Picture, Exposes Android Flaw (VIDEO)
     
  2. marleyinoc
    Offline

    marleyinoc Member

    Joined:
    Apr 25, 2010
    Messages:
    176
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    There are levels of security on face unlock apps in market... on the lower levels a digital pic (assuming person who finds your phone knows what you look like) would work. On higher levels a digital pic will not work... but you may also increase chances of not have your face recognized. More setup pictures in varying levels of light can help reduce failures.

    Sent from my phone.
     
  3. wicked
    Offline

    wicked DF Administrator Staff Member Premium Member

    Joined:
    Oct 11, 2010
    Messages:
    4,154
    Likes Received:
    525
    Trophy Points:
    228
    Location:
    San Jose, CA
    Ratings:
    +539
    Current Phone Model:
    Sony Xperia Z3
    Twitter:
    @MikeAlvez
    Not so much worried of a stranger stealing my phone and happen to have a picture of me. :icon_ lala:
     
  4. JSM9872
    Offline

    JSM9872 DF Super Moderator Staff Member Premium Member

    Joined:
    Dec 21, 2010
    Messages:
    12,923
    Likes Received:
    287
    Trophy Points:
    498
    Location:
    Pennsylvania...
    Ratings:
    +287
    Current Phone Model:
    Galaxy Note 3
    I have a picture of you ready to go. Now to just get my hands on your phone :icon_ devil:

    In all seriousness I never thought of that. I guess it would be less safe at home in that case.
     
  5. DamirD1984
    Offline

    DamirD1984 Member

    Joined:
    Sep 1, 2011
    Messages:
    101
    Likes Received:
    1
    Trophy Points:
    18
    Ratings:
    +1
    I've got nothing to hide ;-p


    But I would let it capture a facial expression to make it a little more difficult
     
  6. Ohyea!
    Offline

    Ohyea! Member

    Joined:
    Mar 30, 2010
    Messages:
    141
    Likes Received:
    8
    Trophy Points:
    18
    Ratings:
    +10
    Sounds like a nosy wife or girlfriends new best friend. Thanks a lot Google...:mad:
     
  7. dezymond
    Online

    dezymond Tech Support Mod Staff Member Premium Member

    Joined:
    Nov 11, 2009
    Messages:
    11,048
    Likes Received:
    745
    Trophy Points:
    558
    Location:
    Bay Area, California
    Ratings:
    +757
    Current Phone Model:
    Samsung Galaxy s4
    Not much of a flaw, I knew it would work with a picture. Not a fingerprint or breath analyzer after all.

    Recognizes and remembers the face, so of course it'll work with a picture.
     
  8. Sweettooth
    Offline

    Sweettooth Member

    Joined:
    Jan 15, 2010
    Messages:
    725
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Dallas, Texas
    Ratings:
    +10
    Somehow I don't think the face unlock was built as a security feature as much as a convenience feature.
     
  9. cush2push
    Offline

    cush2push Premium Member Premium Member Developer

    Joined:
    Jul 21, 2010
    Messages:
    673
    Likes Received:
    6
    Trophy Points:
    18
    Location:
    Albuquerque NM
    Ratings:
    +6
    this isnt a big deal at least to me it isnt a dev phone with out a stupid UI over it is good enough for me
    as wicked said it isnt the phone unlocking to a picture that would scare me its a stranger having my pic that would
     
  10. mikeinctown
    Offline

    mikeinctown Member

    Joined:
    Nov 30, 2009
    Messages:
    341
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Cleveland
    Ratings:
    +0
    +1, convenience for sure. Just look at the phone to unlock. And if you lose it, what are the chances the person who finds/steals it has a photo of you?
     
  11. kodiak799
    Offline

    kodiak799 Silver Member

    Joined:
    Feb 20, 2010
    Messages:
    4,962
    Likes Received:
    283
    Trophy Points:
    198
    Ratings:
    +294
    I don't know....a pattern is pretty quick and easy to do. But I bet patterns aren't all that secure or uncommon, not unlike people choosing 1234 as a pin. Facial recognition may actually be superior for most, depends on how accurate and quick it is.
     
  12. dezymond
    Online

    dezymond Tech Support Mod Staff Member Premium Member

    Joined:
    Nov 11, 2009
    Messages:
    11,048
    Likes Received:
    745
    Trophy Points:
    558
    Location:
    Bay Area, California
    Ratings:
    +757
    Current Phone Model:
    Samsung Galaxy s4
    The facial recognition feature works fairly quickly form what I've seen. I always thought, especially after the failed demo at the announcement, that one would have to hold the phone up to their face for a good 3-5 seconds, but it's much quicker than that from what I've seen on other demos.