Digital image can dupe Android face-based lock

Discussion in 'Android News' started by Malvado, Nov 13, 2011.

  1. Malvado

    Malvado DF News Team/Mod Premium Member

    A new feature in Android 4.0 will allow you to unlock the phone using facial recognition. But if you want high security, don't rely on it.

    A video demonstration created by mobile blog SoyaCincau shows that the Face Unlock feature can be fooled by showing it a mere image of the face used to set up the locking mechanism. The video shows someone unlocking a Galaxy Nexus running Android 4.0, also known as Ice Cream Sandwich, by holding in front of the device a digital photo taken of him that is displayed on another phone.

    Per the description of the YouTube video:

    The demo is done at an event where the Galaxy Nexus, which hasn't yet been publicly released, was on display. The information under the video says the test was conducted after someone sent the blogger a tweet asking if a printed photo could fool the Face Unlock feature. There was no printed picture handy, so the demo was done with a digital image of a face taken on a Galaxy Note phone.

    A Google representative contacted by CNET said the feature is considered low security and experimental. Even the interface warns users that "Face Unlock is less secure than a pattern, PIN, or password" and that "Someone who looks similar to you could unlock your phone."

    It's also true that someone would have to plan ahead to have a photo of a target and wait for that person to leave the phone unattended to get access to a device locked with the feature. There is no question that using this low-level security feature is better than not locking the phone at all, as long as you understand the limitations.

    Given the video demo, it's unclear why a Googler would have suggested recently that using a photo would not open up a device protected with Face Unlock. Last month, Koushik Dutta, a developer of the Android after-market firmware replacement CyanogenMod, tweeted: "The face recognition unlock thing is really easily hackable. Show it a photo." In response, Tim Bray, who is on the Android team, tweeted: "Nope. Give us some credit."

    "It was safe to assume that Google wouldn't let its face-recognition technology be bypassed using a photo but this confirms it," The Next Web wrote at the time. "Good news for those who were worried about their friends hacking their smartphone by using a Facebook profile photo or something similar."

    SOURCE: Face Unlock Tricked: Man Unlocks Galaxy Nexus Using Picture, Exposes Android Flaw (VIDEO)
     
  2. marleyinoc

    marleyinoc Member

    There are levels of security on face unlock apps in market... on the lower levels a digital pic (assuming person who finds your phone knows what you look like) would work. On higher levels a digital pic will not work... but you may also increase chances of not having your face recognized. More setup pictures in varying levels of light can help reduce failures.

    Sent from my phone.
     
  3. wicked

    wicked DF Administrator Staff Member Premium Member

    Not so much worried about a stranger stealing my phone and happening to have a picture of me. :icon_lala:
     
  4. JSM9872

    JSM9872 DF Super Moderator Staff Member Premium Member

    I have a picture of you ready to go. Now to just get my hands on your phone :icon_devil:

    In all seriousness I never thought of that. I guess it would be less safe at home in that case.
     
  5. DamirD1984

    DamirD1984 Member

    I've got nothing to hide ;-p


    But I would let it capture a facial expression to make it a little more difficult
     
  6. Ohyea!

    Ohyea! Member

    Sounds like a nosy wife or girlfriend's new best friend. Thanks a lot Google...:mad:
     
  7. dezymond

    dezymond Tech Support Mod Staff Member Premium Member

    Not much of a flaw, I knew it would work with a picture. Not a fingerprint or breath analyzer after all.

    Recognizes and remembers the face, so of course it'll work with a picture.
     
  8. Sweettooth

    Sweettooth Member

    Somehow I don't think the face unlock was built as a security feature as much as a convenience feature.
     
  9. cush2push

    cush2push Premium Member Premium Member Developer

    This isn't a big deal, at least to me it isn't. A dev phone without a stupid UI over it is good enough for me.
    As wicked said, it isn't the phone unlocking to a picture that would scare me, it's a stranger having my pic that would.
     
  10. mikeinctown

    mikeinctown Member

    +1, convenience for sure. Just look at the phone to unlock. And if you lose it, what are the chances the person who finds/steals it has a photo of you?
     
  11. kodiak799

    kodiak799 Silver Member

    I don't know....a pattern is pretty quick and easy to do. But I bet patterns aren't all that secure or uncommon, not unlike people choosing 1234 as a pin. Facial recognition may actually be superior for most, depends on how accurate and quick it is.
     
  12. dezymond

    dezymond Tech Support Mod Staff Member Premium Member

    The facial recognition feature works fairly quickly from what I've seen. I always thought, especially after the failed demo at the announcement, that one would have to hold the phone up to their face for a good 3-5 seconds, but it's much quicker than that from what I've seen on other demos.