Galaxy S8 face recognition already defeated with a simple picture

Samsung logoSamsung just recently took the wraps off its latest flagship, the Galaxy S8. In addition to the super-slim bezels, tall screen, and speedy new Snapdragon 835 (or Exynos 9) processor, the device is also coming with a ton of biometric authentication options. You get a fingerprint reader, iris recognition, and face recognition. With the public's first exposure to the Galaxy S8 happening a few days ago, it was only a matter of time until one of these biometric solutions had some holes poked in it.

One of those holes is that Galaxy S8's face recognition can be tricked with a photo. At least this is what a video from Spanish Periscope user Marcianophone purports. About six minutes into the 40-minute Spanish-language video, you can see the attendee take a selfie with his personal phone, then point it at the Galaxy S8, which is trained to unlock with his face. It only takes a few minutes of fiddling before the Galaxy S8 gives in and unlocks with just a picture, moving from the "secure" lock screen right to the home screen. Once the user dials in his technique, he shows the trick is easily repeatable.

Google added a "Face Unlock" system to Android 4.0 back in 2011, and it had the same picture vulnerability that Samsung's solution has today. In Android 4.1, Google's face unlock added a "liveness check" that attempted to defeat the photo vulnerability by requiring the user to blink. This too was bypassed (rather hilariously) by grabbing a photo of someone, poorly Photoshopping a second copy of the picture with a set of closed "eyelids," and then switching between the "eyes open" and "eyes closed" pictures when the face unlock asks the user to blink. It seems Samsung built a face unlock feature from the ground up for the S8, and it's repeating the same mistakes.

Galaxy S8 face recognition already defeated with a simple picture

Samsung seems to know face unlock is not the most secure feature on Earth. It's the only one of the three biometric systems that can't be used to authorize Samsung Pay purchases. We'd suggest that's it's also not a great idea to set as your lock screen, and a PIN or password would be more secure. The good news for Samsung is that the Galaxy S8 isn't out yet, so it has some time to fix face unlock's flaws before the April 21st release date.

Source: Ars Technica

Tags: Galaxy S8, Samsung, smartphones

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

Galaxy Note10 really is built around a 6.7-inch display
You may still be able to download your content
Facebook, Messenger and Instagram are all going away
Minimize apps to a floating, always-on-top bubble
Japan Display has been providing LCDs for the iPhone XR, the only LCD model in Apple’s 2018 line-up
The 2001 operating system has reached its lowest share level
The entire TSMC 5nm design infrastructure is available now from TSMC
The smartphone uses a Snapdragon 660 processor running Android 9 Pie
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 / 2
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /

News Archive



Do you use microSD card with your phone?
or leave your own version in comments (15)