Android 4.0 Face Unlock Defeated With A Picture

27

Comments

+ Add a Comment
avatar

nmanguy

This doesn't bother me too much. If I drop my phone in a store and some unscrupulous character picks it up, they're not going to have my picture handy. The only real danger is people who know you, but at that point they're more likely to just keylog you than somehow pick your pocket, steal your phone, and bypass the lock.

avatar

Wingzero_x

Unless you're Ben Affleck then all anybody will need is a picture of their butt!

avatar

stradric

Was this marketed as some sort of high-security feature?  To me, it seemed like a convenience thing.  It certainly defeats butt-dialing, and the convenience of not having to swipe to unlock is quite nice.  It's also more secure than a simple swipe, which is what many people have.

I think people that want high security should be able to use a 2 or 3-phase unlock that requires a swipe-code, passcode, facial rec or any combination of the 3.

avatar

tornato7

This is really just meant to keep someone at a party from reading your text messages or something, not hide government secrets.

avatar

Magius

What if it is a government party? What then?

 

In all seriousness, facial recognition is a nifty curiousity at best right now. Until they implement protocols that recognize a live subject (via patterned heat recognition, not just heat for example) it will remain as so.

avatar

streetking

well, people might not want some of their friends, family, etc, going through their phones. and some of them probably have a picture of the phone owner on their phones. or there might be pictures of the phone owner lying around.

 

most people are just paranoid.

avatar

big_montana

Like a jealous wife for instance?

avatar

Holly Golightly

Well... What happens if you get a new scar on your face... Will you be denied access to your own phone? I see facial scanners completely flawed and that they should not be used if you are hiding sensitive information on your cellphone.

You want security? Use a biometric fingerprint scanner. For extra security, use the camera to scan your iris with pin point precision. No way around that. Even with a cellphone because of the jpeg artifact plus the pixels.

So... I feel these security features are for the paranoid who have really embarrassing stuff on their phone. I mean, what is it that you have to hide? None of my electronics have passwords. No need to. I want direct access right away. Simplicity is key here.

avatar

big_montana

Sorry, but I find fingerprint scanners to be flawed, as they are designed for peopel with small to normal digits, and deep grooved prints. I have large hands, and light patterened prints, and I have yet to meet a fingerprint scanner capable of scanning my prints.

avatar

Holly Golightly

You are right. Nothing is prefect. They could make adjustments to accomodate people with larger digits, or work on sensitivity. I have small digits but also light pattern prints too, so scanning them is near impossible. Takes too many tried, but the technology itself could be perfected. Maybe the future is the scanning of the iris. Although multi-step scanning is more secure of course.

avatar

stradric

> So... I feel these security features are for the paranoid who have really embarrassing stuff on their phone. I mean, what is it that you have to hide?

Most people have lots of things to hide.  I'm sure you do too.  Would you want a thief knowing exactly when was the best time to rob your house?  How about a child predator knowing when your child was home alone or where he/she went to school?  People that take precautions to protect themselves -- such as securing their personal information contained on their cell phones -- are far less likely to be victims.

Aside from the truly nightmarish scenarios, a smart phone often contains cached account credentials and access.  Android is linked to your google account.  Many people use things like Google Authenticator or Battle.net Authenticator.  This is sensitive info that can grant a malicious user damaging access to personal data and services.

> None of my electronics have passwords. No need to. I want direct access right away. Simplicity is key here.

So because you do it, then it must be good for everyone?  If you want to open yourself up to being a victim for the sake of convenience, then go for it, but don't disparage others for being practical -- or worse insinuate that they have some deep, dark, dirty secret to hide simply because they value privacy.

avatar

Holly Golightly

Consumers are no longer allowed the right to privacy. When you agree to that terms of use, they basically record you information, and share it among their affiliates. Also, the government can gain access to all of that info no problem. We must also learn that nothing is secure. Just look at what happened to Sony during the summer. Heck, even Steam, which is suppose to be the most secure network was recently hacked. This never happened before, but as they say... Never say never!

These password systems are only fooling the paranoid. As long as I have the USB cable to the phone, the password can be easily hacked from a computer with a rather simple program. As for my phone, I keep it close to me at all times, only my friends get to touch my phone, although I do not know if they are personally child predators, but I do not think of my friends in such way. I am not paranoid. As for my smartphone, yes, I have an Android linked with Google. I was forced to create a gmail account but it is not my primary email address. It is just something I had to use in order to use my phone. There is nothing personal there.

I just want to tell the truth. If you think you are absolutely secure with 1 little password from your phone? Think again. Your GPS coordinates are recorded and shared with big business and government entities. Hackers are brilliant and can use that data to their advantage. If you really want to be protected... Don't use any technology and you will not be recorded. That paranoid person is only fooling themselves. Why give yourself extra needless steps?

avatar

aaz110

While it's true that a hacker can probably get through a password with ease...that random person who finds your phone after it falls out of your pocket on the subway, is probably not a hacker. While a hacker may have no trouble with a password...most people simply are not hackers and if your phone is ever lost/stolen, the likelyhood of a hacker finding/stealing it is very low. That simple password that you're too lazy to use, really would come in handy in the most probable scenerio (read: any scenerio that does not involve a hacker).

Sure...a master car thief can bypass your security system, pick the locks, jumpstart the car, and then drive away with it....but so can any random kid if you leave the system turned off, the doors unlocked, and the keys in the car....or do you do that too?

avatar

Holly Golightly

But the real crimminals who are likely to track your credit card information ARE hackers. If it is just a regular person from the subway, they would probably just throw the SIM away and sell the phone off of ebay. They are not smart enough to use that personal information. If you see the world as people who want to track your spending, or as pedophiles... Then you are either overly paranoid, or are hiding something you would be embarrassed to show your own mother. It is plain and simple. I have already gone more than a decade of no passwords, and nobody has tracked anything of mine. I just keep things close to me. If you are irressponsible enough to always loose your phone, then chance are you deserve it. Really. And now that we can use pictures, it makes it that much more easier. You are never safe no matter how many languages you use in your password.

avatar

dgrmouse

re scar: no.  These algorithms work on the geometry of your face, not the quality of your skin.

avatar

Holly Golightly

Hey, anything can happen... Busted lip, black eye, broken nose... Accidents do happen.

avatar

Biceps

Ever heard of an e-Wallet?

avatar

Holly Golightly

That is a fairly new concept most cellphone users never heard about. Only techies like us read about it. Many people (me too) still use plastic. Most businesses like restaurants do not use cellphones as a method of payment... Anyhow, I would not want my e-Wallet to die on me because of poor battery life.

avatar

livebriand

Cash is, in my opinion, even better because the credit card companies can't track your purchases and sell it to marketers.

avatar

Holly Golightly

You know what... That is absolutely true. I hate the fact that my financial purchases are traceable. I am big on privacy, I do not know why I did not think of this. I want to go incognito. Be untraceable. But man, I will miss the ease of pulling out a credit card though. No coins to walk around with.

avatar

livebriand

You probably already have to bring cash with you because some restaurants and stores don't accept credit cards, plus bridge tolls, etc, so it's not much more hassle.

avatar

Holly Golightly

Nope, no cash at all. I get direct deposit, and I pay all of my bills online. As for restaurants, almost every restaurant in New York City accepts Discover and American Express. Heck, even cheap places like Mc.Donalds accept credit cards. I do most of my shopping online anyways. There are times when a store requires a minimum for credit card spending... Like a pizza shop or grocery store... But heck, that is why we have supermarkets for. I am absolutely honest with you, I do not carry cash on me because everything I do is done electronically. Heck, vending machines now accept credit cards, so overall, I am good. As for trolls, I destroy them.

avatar

AETAaAS

Maybe they can use Infrared to add a layer of difficulty. IIRC, a number of cameras can already pick up infrared so if there is a heat signature with countours to indicate its a real face, the normal face recognition software can do its work.

avatar

Biceps

I could be wrong, but I think that most (all?) digital cameras have the ability to pick out infrared light, but that it is (currently) filtered out by a physical filter, not a software or electronic hardware filter.  So, while your idea is a good one, I don't know if it could be implemented without some pretty major changes to the camera, or removing the physical filter then trying to use a software filter to take out the infrared.  Like the poster below, I'm talking well outside my knowledge bubble here, too, so anyone please feel free to correct me.

avatar

livebriand

Idk, but I tried pointing a standard IR remote at a camera and it showed up as white light. That camera is a decade old by now though, so it may be different on new ones. It's possible that it's not all that sensitive though to IR light, and it needs a direct beam like that to detect anything.

avatar

Taz0

That's exactly the problem. Infra red light appears like white light to a digital camera. So all you'd need to simulate IR is white light, which can be easily produced by a cell phone screen.

avatar

canadageek

The only way that I can see a fix to this would be to require the user to perform multiple facial gestures like smiling or turning your head. I don't really know how facial recognition works so I welcome replies correcting me.

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.