Android 4.0 Face Unlock Defeated With A Picture
Android 4.0 Face Unlock Defeated With A Picture
Posted 11/11/2011 at 3:31pm
| by Ryan Whitwam
27
Comments
Print
At Google’s Ice Cream Sandwich (ICS) launch event, the new Face Unlock feature was called ‘beta’, and it turns out with good reason. At a recent Samsung demo event, one reviewer had the chance to play with the Galaxy Nexus and test out the Face Unlock feature. After setting up the device to recognize him and unlock the phone, he was able to unlock the device with a picture of himself on a second phone. Oops.
Users have been wondering if this was possible, or if Google had worked out some sort of fix for this ago-old facial recognition problem. The demo filmed by the blogger was quite striking, with the device unlocking almost immediately. Clearly, this is not meant to be an ironclad security method.
it is important to note that there are currently a few different builds of ICS running on demo Nexus devices. It’s possible that the final version of the software won’t have this issue, but we expect that to be one of the first things tested when final review units go out.
More like this
27
Comments
Comments are closed on this article
nmanguy
November 12, 2011 at 10:00pm
This doesn't bother me too much. If I drop my phone in a store and some unscrupulous character picks it up, they're not going to have my picture handy. The only real danger is people who know you, but at that point they're more likely to just keylog you than somehow pick your pocket, steal your phone, and bypass the lock.
Wingzero_x
November 13, 2011 at 3:59pm
Unless you're Ben Affleck then all anybody will need is a picture of their butt!
stradric
November 12, 2011 at 8:15pm
Was this marketed as some sort of high-security feature? To me, it seemed like a convenience thing. It certainly defeats butt-dialing, and the convenience of not having to swipe to unlock is quite nice. It's also more secure than a simple swipe, which is what many people have.
I think people that want high security should be able to use a 2 or 3-phase unlock that requires a swipe-code, passcode, facial rec or any combination of the 3.
tornato7
November 11, 2011 at 5:42pm
This is really just meant to keep someone at a party from reading your text messages or something, not hide government secrets.
Magius
November 12, 2011 at 4:04am
What if it is a government party? What then?
In all seriousness, facial recognition is a nifty curiousity at best right now. Until they implement protocols that recognize a live subject (via patterned heat recognition, not just heat for example) it will remain as so.
streetking
November 12, 2011 at 1:44am
well, people might not want some of their friends, family, etc, going through their phones. and some of them probably have a picture of the phone owner on their phones. or there might be pictures of the phone owner lying around.
most people are just paranoid.
Holly Golightly
November 11, 2011 at 4:48pm
Well... What happens if you get a new scar on your face... Will you be denied access to your own phone? I see facial scanners completely flawed and that they should not be used if you are hiding sensitive information on your cellphone.
You want security? Use a biometric fingerprint scanner. For extra security, use the camera to scan your iris with pin point precision. No way around that. Even with a cellphone because of the jpeg artifact plus the pixels.
So... I feel these security features are for the paranoid who have really embarrassing stuff on their phone. I mean, what is it that you have to hide? None of my electronics have passwords. No need to. I want direct access right away. Simplicity is key here.
big_montana
November 14, 2011 at 5:54am
Sorry, but I find fingerprint scanners to be flawed, as they are designed for peopel with small to normal digits, and deep grooved prints. I have large hands, and light patterened prints, and I have yet to meet a fingerprint scanner capable of scanning my prints.
Holly Golightly
November 14, 2011 at 10:07am
You are right. Nothing is prefect. They could make adjustments to accomodate people with larger digits, or work on sensitivity. I have small digits but also light pattern prints too, so scanning them is near impossible. Takes too many tried, but the technology itself could be perfected. Maybe the future is the scanning of the iris. Although multi-step scanning is more secure of course.
stradric
November 12, 2011 at 9:03pm
> So... I feel these security features are for the paranoid who have really embarrassing stuff on their phone. I mean, what is it that you have to hide?
Most people have lots of things to hide. I'm sure you do too. Would you want a thief knowing exactly when was the best time to rob your house? How about a child predator knowing when your child was home alone or where he/she went to school? People that take precautions to protect themselves -- such as securing their personal information contained on their cell phones -- are far less likely to be victims.
Aside from the truly nightmarish scenarios, a smart phone often contains cached account credentials and access. Android is linked to your google account. Many people use things like Google Authenticator or Battle.net Authenticator. This is sensitive info that can grant a malicious user damaging access to personal data and services.
> None of my electronics have passwords. No need to. I want direct access right away. Simplicity is key here.
So because you do it, then it must be good for everyone? If you want to open yourself up to being a victim for the sake of convenience, then go for it, but don't disparage others for being practical -- or worse insinuate that they have some deep, dark, dirty secret to hide simply because they value privacy.
Holly Golightly
November 12, 2011 at 10:13pm
Consumers are no longer allowed the right to privacy. When you agree to that terms of use, they basically record you information, and share it among their affiliates. Also, the government can gain access to all of that info no problem. We must also learn that nothing is secure. Just look at what happened to Sony during the summer. Heck, even Steam, which is suppose to be the most secure network was recently hacked. This never happened before, but as they say... Never say never!
These password systems are only fooling the paranoid. As long as I have the USB cable to the phone, the password can be easily hacked from a computer with a rather simple program. As for my phone, I keep it close to me at all times, only my friends get to touch my phone, although I do not know if they are personally child predators, but I do not think of my friends in such way. I am not paranoid. As for my smartphone, yes, I have an Android linked with Google. I was forced to create a gmail account but it is not my primary email address. It is just something I had to use in order to use my phone. There is nothing personal there.
I just want to tell the truth. If you think you are absolutely secure with 1 little password from your phone? Think again. Your GPS coordinates are recorded and shared with big business and government entities. Hackers are brilliant and can use that data to their advantage. If you really want to be protected... Don't use any technology and you will not be recorded. That paranoid person is only fooling themselves. Why give yourself extra needless steps?
aaz110
November 13, 2011 at 1:36am
While it's true that a hacker can probably get through a password with ease...that random person who finds your phone after it falls out of your pocket on the subway, is probably not a hacker. While a hacker may have no trouble with a password...most people simply are not hackers and if your phone is ever lost/stolen, the likelyhood of a hacker finding/stealing it is very low. That simple password that you're too lazy to use, really would come in handy in the most probable scenerio (read: any scenerio that does not involve a hacker).
Sure...a master car thief can bypass your security system, pick the locks, jumpstart the car, and then drive away with it....but so can any random kid if you leave the system turned off, the doors unlocked, and the keys in the car....or do you do that too?
Holly Golightly
November 13, 2011 at 2:20pm
But the real crimminals who are likely to track your credit card information ARE hackers. If it is just a regular person from the subway, they would probably just throw the SIM away and sell the phone off of ebay. They are not smart enough to use that personal information. If you see the world as people who want to track your spending, or as pedophiles... Then you are either overly paranoid, or are hiding something you would be embarrassed to show your own mother. It is plain and simple. I have already gone more than a decade of no passwords, and nobody has tracked anything of mine. I just keep things close to me. If you are irressponsible enough to always loose your phone, then chance are you deserve it. Really. And now that we can use pictures, it makes it that much more easier. You are never safe no matter how many languages you use in your password.
dgrmouse
November 11, 2011 at 5:14pm
re scar: no. These algorithms work on the geometry of your face, not the quality of your skin.
Holly Golightly
November 11, 2011 at 7:20pm
Hey, anything can happen... Busted lip, black eye, broken nose... Accidents do happen.
Holly Golightly
November 11, 2011 at 7:17pm
That is a fairly new concept most cellphone users never heard about. Only techies like us read about it. Many people (me too) still use plastic. Most businesses like restaurants do not use cellphones as a method of payment... Anyhow, I would not want my e-Wallet to die on me because of poor battery life.
livebriand
November 11, 2011 at 11:27pm
Cash is, in my opinion, even better because the credit card companies can't track your purchases and sell it to marketers.
Holly Golightly
November 11, 2011 at 11:44pm
You know what... That is absolutely true. I hate the fact that my financial purchases are traceable. I am big on privacy, I do not know why I did not think of this. I want to go incognito. Be untraceable. But man, I will miss the ease of pulling out a credit card though. No coins to walk around with.
livebriand
November 13, 2011 at 3:07pm
You probably already have to bring cash with you because some restaurants and stores don't accept credit cards, plus bridge tolls, etc, so it's not much more hassle.
Holly Golightly
November 13, 2011 at 10:38pm
Nope, no cash at all. I get direct deposit, and I pay all of my bills online. As for restaurants, almost every restaurant in New York City accepts Discover and American Express. Heck, even cheap places like Mc.Donalds accept credit cards. I do most of my shopping online anyways. There are times when a store requires a minimum for credit card spending... Like a pizza shop or grocery store... But heck, that is why we have supermarkets for. I am absolutely honest with you, I do not carry cash on me because everything I do is done electronically. Heck, vending machines now accept credit cards, so overall, I am good. As for trolls, I destroy them.
AETAaAS
November 11, 2011 at 4:47pm
Maybe they can use Infrared to add a layer of difficulty. IIRC, a number of cameras can already pick up infrared so if there is a heat signature with countours to indicate its a real face, the normal face recognition software can do its work.
Biceps
November 11, 2011 at 5:08pm
I could be wrong, but I think that most (all?) digital cameras have the ability to pick out infrared light, but that it is (currently) filtered out by a physical filter, not a software or electronic hardware filter. So, while your idea is a good one, I don't know if it could be implemented without some pretty major changes to the camera, or removing the physical filter then trying to use a software filter to take out the infrared. Like the poster below, I'm talking well outside my knowledge bubble here, too, so anyone please feel free to correct me.
livebriand
November 11, 2011 at 11:29pm
Idk, but I tried pointing a standard IR remote at a camera and it showed up as white light. That camera is a decade old by now though, so it may be different on new ones. It's possible that it's not all that sensitive though to IR light, and it needs a direct beam like that to detect anything.
Taz0
November 12, 2011 at 2:21pm
That's exactly the problem. Infra red light appears like white light to a digital camera. So all you'd need to simulate IR is white light, which can be easily produced by a cell phone screen.
canadageek
November 11, 2011 at 3:55pm
The only way that I can see a fix to this would be to require the user to perform multiple facial gestures like smiling or turning your head. I don't really know how facial recognition works so I welcome replies correcting me.
Connect with MaximumPC
Featured Content
The gang discusses the GTX 690, Trinity, Ivy Bridge, Amazon, big-box stores, MMOs,...
This month's issue
Feature
Build a PC On Any Budget
Feature
Cloud Services Showdown
How-To
Encrypt Your External Drive
Build It
Upgrade an X58 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Original RickRoll Video Returns to YouTube After 24-Hour Copyright Hiatus http://t.co/MaH9Sxyy20 hours 59 min ago
- maximumpc: Corsair has decided not to go forward with its $78 million IPO, citing weak equity market conditions http://t.co/A5a4DAzj21 hours 9 min ago
- maximumpc: Want to work at Maximum PC? Our Online Managing Editor, Alex, is moving away, so we need a new one. http://t.co/9Z7JCh0E2 days 18 hours ago
