
Samsung Galaxy S3 Face Unlock Tricked By Photograph

samzenpus posted about 2 years ago | from the a-picture-is-worth-a-thousand-passwords dept.

Android 174

AlistairCharlton writes with a story about an Android Face unlock security system that could use some tweaking. "Android's Face Unlock security on the Samsung Galaxy S3 can be tricked into unlocking the phone by showing it a photograph of the owner. In a test carried out by IBTimes UK, we found that the Galaxy S3 cannot distinguish between a photograph and a real person, leading us to suggest users should select a more secure way of locking the phone, such as with a PIN or password."


174 comments

Not Intended to be Industrial Grade (5, Insightful)

nahdude812 (88157) | about 2 years ago | (#40363115)

Face unlock is not intended to be industrial grade security. By its nature it has to be tolerant to unlocks (it would suck if you couldn't unlock your phone after a haircut or beard trim, for example). It's intended to prevent casual perusal by someone who finds the phone sitting around. They've added some little things like requiring some movement in the face (eg, blinking), so it's mildly surprising that a static photo can trick it. But it's not especially worrying either - again, it's meant to be one step above slide to unlock.

It's almost like stating that the standard "slide to unlock" is insecure because anyone can slide that button! The statement is true, but it misses the point.

Also, a quote from Samsung taken directly FTFA:

"Therefore, users with sensitive information on their phone are advised to use higher-protection security features, such as pattern, pin, or password unlock."

Re:Not Intended to be Industrial Grade (2)

Rhodri Mawr (862554) | about 2 years ago | (#40363195)

They've added some little things like requiring some movement in the face (eg, blinking), so it's mildly surprising that a static photo can trick it.

Given that my son's camera consistently detected the Mona Lisa blinking, I'm not surprised at all.

Re:Not Intended to be Industrial Grade (0)

Anonymous Coward | about 2 years ago | (#40363197)

It's a stupid tech, and should not be used by anyone who cares about the contents of their phone.

Re:Not Intended to be Industrial Grade (2)

errandum (2014454) | about 2 years ago | (#40363373)

it's not stupid at all, you don't have to slide your finger on the screen!

With a 4.8 screen, imagine how much work you'd have to put into that every single day... It's a godsend, I tell you, a godsend!

Re:Not Intended to be Industrial Grade (1, Flamebait)

Missing.Matter (1845576) | about 2 years ago | (#40363293)

From the quote, if something as simple as a pin password is "higher-protection" then let's just call this face unlock feature what it is: a pointless gimmick.

Re:Not Intended to be Industrial Grade (1)

errandum (2014454) | about 2 years ago | (#40363391)

The phone will lock for 30s after 3 failed attempts or so, so you'd still have a hard time with a pin.

But any Android phone has offered the option for a password for the last year, so the whole thing is moot. Want security, pick a strong password.

Re:Not Intended to be Industrial Grade (5, Funny)

KhabaLox (1906148) | about 2 years ago | (#40363519)

Want security, pick a strong password.

Exactly. That's why I use a picture of Rainer Wolfcastle for my Galaxy.

Re:Not Intended to be Industrial Grade (5, Funny)

liquidsin (398151) | about 2 years ago | (#40364073)

just use a picture of your balls; in theory it should be easier to keep would-be hackers from getting a picture of your balls, and it's only slightly awkward to shove your hand down the front of your pants every time you'd like to use your phone.

Re:Not Intended to be Industrial Grade (1)

Splab (574204) | about 2 years ago | (#40364357)

I keep my phone in front left pocket, so not that far away, but crotch dialing would be an issue :)

Re:Not Intended to be Industrial Grade (1)

Jarik C-Bol (894741) | about 2 years ago | (#40364389)

Sir, I hereby award you the internet for the day, as you have made me laugh heartily at your witty commentary. Someone mod this person +1 funny.

Re:Not Intended to be Industrial Grade (4, Insightful)

localman57 (1340533) | about 2 years ago | (#40363451)

It's not necessarily pointless, depending on who your attacker is. Against a sufficiently advanced and determined attacker, nearly all security attempts are pointless, because all can be broken, even if a rubber hose must be used. If your goal is to simply prevent someone from casually picking up your phone and browsing through your inbox, it might be worthwhile. Additionally, if the "gimmick" aspect leads some people to use it who would not otherwise use a PIN (which is very un-gimmicky), there may be some value in it.

Finally, I see this as potentially very useful as a two-factor authentication for cases where the person who has the phone doesn't know to whom it belongs. e.g. they found it in a bar. If brute-forcing the face recognition is somewhat difficult, it could be added to a pin code for extra security. All of this assumes that there isn't an easily exploited backdoor or weakness via USB or other interface.

Re:Not Intended to be Industrial Grade (0)

Anonymous Coward | about 2 years ago | (#40363693)

Unfortunately that is not possible. You have to pick ONE unlock method so no two factor unlocking for you. Not sure if that is an Android limitation or if Samsung made it that way because it would be "too confusing" if they allowed two factor unlocking.

Re:Not Intended to be Industrial Grade (4, Interesting)

crakbone (860662) | about 2 years ago | (#40364191)

Actually I see this as preventing the casual phone check by a police officer. It becomes a locked container and they then legally have to go to more extremes to open it. In some cases a warrant.

Re:Not Intended to be Industrial Grade (1, Funny)

noh8rz3 (2593935) | about 2 years ago | (#40363605)

Another way that Samsungs are inferior to iPhones. Apple products don't offer that feature. Pin or slide to unlock only. I'm waiting for Siri unlock capability. My voice is my passport. Verify!

Re:Not Intended to be Industrial Grade (0)

Anonymous Coward | about 2 years ago | (#40363835)

Great idea! ( as I stand in the shadows and hit record as you unlock your phone...) Great Idea indeed!

Re:Not Intended to be Industrial Grade (0)

Anonymous Coward | about 2 years ago | (#40364011)

Hi, my name is Werner Brandes.

Re:Not Intended to be Industrial Grade (0)

Anonymous Coward | about 2 years ago | (#40363383)

All biometric security is pretty easy to bypass. Iris scanners are as easily fooled as face detection, except it's more difficult to get a high resolution image of a person's irises.

Hand and fingerprint scanners can be fooled with the old "gummy finger" trick. This consists of dusting prints and lifting them with cellophane tape, then etching it to a photosensitive PCB and using that to mold gummy prints. If the scanner also checks for capacitance and moisture, you can simply lick the gummy print before using it on the scanner. Afterwards, you eat the prints to eliminate the evidence.

Passwords/passcodes and physical keys are still the best for security.

Re:Not Intended to be Industrial Grade (1)

mcgrew (92797) | about 2 years ago | (#40363597)

It's not security at all, it's convenience. I stopped buying those old "candy bar" phones because you either had to unlock it with a key combination before you could answer it, or risk butt-dialing 911 while you're buying weed. But now the flip phones I like are going out of style, everybody and his dog wants a phone that won't fold and won't fit in a pocket. For an Android/iPhone this would be great... if I could find one I could comfortably fit in my pocket.

With a flip phone, pull it out and open it (quick thumb motion) and say "hello?" With a modern iPhone/Android you have to fiddle with it to unlock it. This just removes the "fiddling with it" part, like the flip phone's cover did; pull it out and answer.

Re:Not Intended to be Industrial Grade (4, Informative)

icebike (68054) | about 2 years ago | (#40363729)

Face unlock is not intended to be industrial grade security. By its nature it has to be tolerant to unlocks (it would suck if you couldn't unlock your phone after a haircut or beard trim, for example). It's intended to prevent casual perusal by someone who finds the phone sitting around. They've added some little things like requiring some movement in the face (eg, blinking), so it's mildly surprising that a static photo can trick it. But it's not especially worrying either - again, it's meant to be one step above slide to unlock.

It's almost like stating that the standard "slide to unlock" is insecure because anyone can slide that button! The statement is true, but it misses the point.

Also, a quote from Samsung taken directly FTFA:

"Therefore, users with sensitive information on their phone are advised to use higher-protection security features, such as pattern, pin, or password unlock."

Further, this is a standard feature of ICS, and nothing to do with Samsung. It's on all the HTC phones that ship with a front facing camera and ICS installed.
Want to blame someone, blame Google for adding this silly feature to Android.

Re:Not Intended to be Industrial Grade (0)

Anonymous Coward | about 2 years ago | (#40363757)

The problem is that whatever locking mechanism that is in use is the only thing protecting the phone from the bad guys. Home PCs are not on the road with someone, so their defense against attacks due to physical security can be extremely low in most cases and the risk be acceptable to most. A phone is a lot more vulnerable to that.

So, the local authentication has to be of decent strength to protect what the person has on the phone. It might be their private documents. It might be their contact list. It might be just the fact that bandwidth is so expensive that someone might just use the device tethering until the telco drops it from the network. Reading someone's phone and sending clever E-mails out as that person can not just result in some screwed up relationships, but can net someone a nice windfall if they do the "OMG, I need $500 cash, I'm stuck here" gambit. A sophisticated thief using the device in a busy area (or shutting down the GSM/CDMA radio and using a Wi-fi network to slow down people trying to find the device) could in theory do a lot of damage to a victim.

People need to be assured that if they turn on some security, be it the connect the dots, fingerprint scanner, face recognition, or PIN/password, that it has been fairly tested and is secure against most things. There is no 100%, but it should be pretty robust.

Take a simple PIN for instance. Pair it up with the setting to erase the device after ten fails. Then an attacker gets the device and looks for fingerprints. One smudge on the device -- trivial. Two smudges and a four digit PIN can mean a 10 in 16 chance of getting the result. Three smudges, a 10 in 27, and four smudges, a 10 in 256 chance.

If someone uses a longer PIN, it becomes harder to guess things.

Compare that to the connect-the-dots, where one can figure out with smudges of where the code begins and ends, then easily redraw it for access.

So far, on Android, the only other strong access mechanism I've seen was the fingerprint scanner on the Atrix 4G (not on the Atrix 2.) Maybe the gummi bear fingerprint trick might work, but I'd guess that has long since been addressed.

With all that is at risk if a phone is stolen, a phone should either have alternate unlock methods that are as strong as a PIN or password, or just don't offer them. The illusion of security when in reality, there isn't any can be really damaging.

Re:Not Intended to be Industrial Grade (1)

dev.null.matt (2020578) | about 2 years ago | (#40364235)

Take a simple PIN for instance. Pair it up with the setting to erase the device after ten fails. Then an attacker gets the device and looks for fingerprints. One smudge on the device -- trivial. Two smudges and a four digit PIN can mean a 10 in 16 chance of getting the result. Three smudges, a 10 in 27, and four smudges, a 10 in 256 chance.

If someone uses a longer PIN, it becomes harder to guess things.

Man, I wish my college room-mate had a phone like this. Ten steps to deleting everything on his phone would have been hilarious to me.

Re:Not Intended to be Industrial Grade (1)

Marillion (33728) | about 2 years ago | (#40363823)

Exactly, that's true of any "fuzzy" system. Fuzzy includes fingerprint readers, retina scanners, voice prints. You name it, it has to allow for a degree of fuzziness. They make for great Hollywood visuals, but nothing else.

Re:Not Intended to be Industrial Grade (0)

Anonymous Coward | about 2 years ago | (#40363849)

In fact, when you enable face unlock, you get a fucking warning telling you it's not secure!

So, to summarise - the only way an Android user would think that face unlock is secure is if they ignored every single screen when enabling it and then rammed their head into a wall so that they had no living brain cells.

Re:Not Intended to be Industrial Grade (2)

girlintraining (1395911) | about 2 years ago | (#40364395)

"Therefore, users with sensitive information on their phone are advised to use higher-protection security features, such as pattern, pin, or password unlock."

Yeah, because it's terribly difficult to see the finger smear left on the display after the unlock code is entered.... o_o Hmm, it looks like a backwards Z! Actually, in studies of it, they've discovered people tend to make geometric shapes or reversed alphabet characters as their unlock code... There's a fairly good chance that if you try the top 20, you'll unlock the phone. So there's that too...

Feature... (5, Funny)

N0Man74 (1620447) | about 2 years ago | (#40363141)

This is a "feature", not a "bug". In fact, it's a "safety feature".

Now there is no need for someone to kill you, skin your face off, and make a mask out of it to break into your phone (like in the movies). They can just take a photo of you from a telephoto lens. Sign me up!

Re:Feature... (1)

DarthVain (724186) | about 2 years ago | (#40363235)

Yes if movies taught me anything, biometric security will only cause evildoers to cut off your hand, thumb, eyeball to defeat the security. Sometimes when you're alive, sometimes not.

I mean if it is something I remember, at least they have to keep me alive! Of course if you don't tell they might take your daughter's nose job away...

Re:Feature... (0)

Anonymous Coward | about 2 years ago | (#40363405)

I'm sure your daughter can live without her nose - didn't do Tycho Brahe any harm. That's gotta be way preferred to having your hand, thumb or eyeball removed!

Re:Feature... (3, Insightful)

bughunter (10093) | about 2 years ago | (#40363281)

This is a "feature", not a "bug".

Obviously. With all of the face-eating zombies in the news lately, Samsung thoughtfully permits you to unlock your phone with a backup of your face.

Re:Feature... (2)

93 Escort Wagon (326346) | about 2 years ago | (#40363653)

Now there is no need for someone to kill you, skin your face off, and make a mask out of it to break into your phone (like in the movies).

But we can still do it for fun, right?

What if the owner is really ugly? (1)

acidradio (659704) | about 2 years ago | (#40363147)

One concern is if the owner is really hideous looking. There is the risk that it could shatter the camera lens and then the phone would NEVER unlock!

Re:What if the owner is really ugly? (0)

Anonymous Coward | about 2 years ago | (#40363223)

Are you speaking from personal experience?

Re:What if the owner is really ugly? (0)

Anonymous Coward | about 2 years ago | (#40363777)

You watch too many cartoons.

even more dangerous... (5, Funny)

Anonymous Coward | about 2 years ago | (#40363159)

It would be even more dangerous if someone compiled a whole book of face photographs... i dunno, maybe they could call it a "face book" or something like this.

Re:even more dangerous... (1)

KhabaLox (1906148) | about 2 years ago | (#40363539)

i dunno, maybe they could call it a "face book" or something like this.

If they got enough photos they could call it The Face Book, since it would be definitive.

2D vs 3D (1)

gameboyhippo (827141) | about 2 years ago | (#40363161)

I agree that nobody should rely on this for security, but I think it would be more secure if it was a 3D camera instead of a 2D one. Then it could work more similarly to Kinect. But I suppose then that someone could take a picture of a person on their Nintendo 3DS and trick the phone that way. :)

Re:2D vs 3D (1)

Anonymous Coward | about 2 years ago | (#40363241)

Sure, just throw a low quality 3d camera on for a simple unlock feature. I'm sure its price will stay competitive. Really. No, seriously.

Re:2D vs 3D (0)

dgatwood (11270) | about 2 years ago | (#40363705)

Use two cameras mounted at opposite sides of the device, then compare the two images looking for parallax. Finally, compute what the shift should be based on the distance from the camera to the person (computed by looking at the focus distance for the two cameras). If the shift isn't within a narrow margin of what it should be, reject the face.

It might be possible to trick such a setup with a 3D display, but it would not be easy. First, you would have to have an image taken using cameras that are approximately the same distance apart. Second, you would have to know how far away the person was when the photo was taken. Third, such an attack could be readily foiled by the use of polarizing filters with the same orientation on both of the two cameras.

=/= news (0)

Anonymous Coward | about 2 years ago | (#40363175)

The same thing is possible on the Galaxy Nexus as was found out 8 months ago.

Face unlock was never intended to be biometric level security.

No easy way to do this (1)

sideslash (1865434) | about 2 years ago | (#40363177)

They could have the user do something like shake their head to prove that it's a 3D shape. And then somebody could write a tablet app that takes a flat photo and wraps it around a 3D, animatable head model. This could pretty much be a never-ending war of escalating sophistication.

As long as people know it's basically a toy and a way to keep honest people out, it will be OK.

Never fool-proof (1)

ThunderBird89 (1293256) | about 2 years ago | (#40363191)

Unless they manage to squeeze in a high-resolution thermal imager too, to verify that the face is indeed living (and maybe map out the veins, but that would require a rather sensitive imager), no face-unlock will be 100% secure. Bit higher on the scale than a slider or a pattern unlock, but waaaay lower than a PIN/password lock.

Re:Never fool-proof (1)

retchdog (1319261) | about 2 years ago | (#40363273)

what's the difference between a pattern unlock and a PIN?

Re:Never fool-proof (2)

ThunderBird89 (1293256) | about 2 years ago | (#40363315)

You can crack a pattern lock by looking at the glass and noting the path the finger travels across the grid. For a PIN, you have 4-8 or more distinct points on the screen, with no indication of the order. That means you're looking at at least 24 (4!) different combinations, and most phone OS-es lock out after 3-5, for increasing periods. So it frustrates cracking attempts more than a pattern unlock.
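The smudge arithmetic raised in this comment and in the earlier anonymous comment about a PIN paired with erase-after-ten-fails, worked through as an added example (not part of any poster's comment). It assumes the PIN length is known, every smudged key is used at least once, and no un-smudged key is used; the function names are illustrative.

```python
"""Added illustration: how far fingerprint smudges shrink a PIN keyspace.

Model (assumption, not from the thread): the PIN length is known, every
smudged key appears at least once, and no un-smudged key appears.
"""
from itertools import product
from math import comb


def candidates(smudged: int, length: int) -> int:
    """Count PINs of `length` digits that use each of `smudged` keys at least once.

    Inclusion-exclusion over the keys left out, i.e. the number of
    surjections from PIN positions onto the smudged keys.
    """
    if smudged < 1 or smudged > length:
        return 0
    return sum(
        (-1) ** j * comb(smudged, j) * (smudged - j) ** length
        for j in range(smudged + 1)
    )


def candidates_bruteforce(smudged: int, length: int) -> int:
    """Same count by enumeration, as a cross-check for small cases."""
    keys = set(range(smudged))
    return sum(1 for pin in product(keys, repeat=length) if set(pin) == keys)


def guess_probability(smudged: int, length: int, attempts: int) -> float:
    """Chance that `attempts` distinct guesses succeed before lockout or wipe."""
    n = candidates(smudged, length)
    if n == 0:
        raise ValueError("no PIN of this length fits that many smudges")
    return min(1.0, attempts / n)


def shortest_safe_length(smudged: int, attempts: int,
                         max_probability: float, limit: int = 16):
    """Shortest PIN length keeping the guess probability at or below the bound."""
    for length in range(max(smudged, 1), limit + 1):
        if guess_probability(smudged, length, attempts) <= max_probability:
            return length
    return None  # bound not reachable within `limit` digits


if __name__ == "__main__":
    attempts = 10  # "erase the device after ten fails", as in the thread
    print("smudges  length  candidates  P(guess within 10)")
    for length in (4, 6, 8):
        for smudged in range(1, 5):
            n = candidates(smudged, length)
            p = guess_probability(smudged, length, attempts)
            print(f"{smudged:7d}  {length:6d}  {n:10d}  {p:.4f}")
    print("no smudges, 4 digits:", 10 ** 4, "candidates")
    print("length needed for <=1% with 4 smudges:",
          shortest_safe_length(4, attempts, 0.01))
```

Under this model a 4-digit PIN with four distinct smudges leaves 24 orderings, fewer than the 36 left by three smudges, because a repeated digit hides which key was pressed twice.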

Re:Never fool-proof (1)

repvik (96666) | about 2 years ago | (#40363645)

That is, if the pattern does not loop back on itself. Unfortunately, last time I checked, that was impossible on Android phones.

Re:Never fool-proof (1)

DMUTPeregrine (612791) | about 2 years ago | (#40364311)

The pattern can loop over previously activated points, they just won't activate again.
You can also, of course, use the phone after unlocking, which will tend to swipe over the pattern. Finally, the pattern can be deliberately wiped off by the user.

Re:Never fool-proof (0)

Anonymous Coward | about 2 years ago | (#40363755)

Well, with a sufficiently shallow DoF, you could do 3D imaging by sweeping the focal plane, eliminating flat pictures, anyway. With camera phones, of course, you don't have sufficiently shallow DoF...

We've heard this with the Galaxy Nexus (2)

mikecase (1991782) | about 2 years ago | (#40363215)

That said, this isn't meant to be industrial grade security. Compared to no security at all, this is a big step up. The likelihood that I lose my phone in the parking lot and someone who finds it has a picture of me to unlock the phone with seems extremely slim. More likely, this would be vulnerable to attack from people I know, but even then, it's better than nothing.

Solution (4, Interesting)

mdarksbane (587589) | about 2 years ago | (#40363239)

Use someone *else's* face as your unlock.

Like Teddy Roosevelt.

And then put that picture as your login screen, so it'll log you in if you point at a mirror.

It'll still be a problem if Zombie Teddy Roosevelt steals your phone, but how likely is that...

Re:Solution (0)

Anonymous Coward | about 2 years ago | (#40363475)

Or Benjamin Franklin. Chances are whoever steals a phone doesn't have a c-note lying about.

Re:Solution (0)

Anonymous Coward | about 2 years ago | (#40363551)

I use my wristwatch. It's always on my arm and if my phone gets stolen, good luck figuring that out, thief!

Re:Solution (4, Insightful)

XiaoMing (1574363) | about 2 years ago | (#40363565)

Use someone *else's* face as your unlock.

Like Teddy Roosevelt.

And then put that picture as your login screen, so it'll log you in if you point at a mirror.

It'll still be a problem if Zombie Teddy Roosevelt steals your phone, but how likely is that...

So you now have a cell-phone that's only useful near mirrors.

Re:Solution (0)

Anonymous Coward | about 2 years ago | (#40363767)

Use someone *else's* face as your unlock.

Like Teddy Roosevelt.

And then put that picture as your login screen, so it'll log you in if you point at a mirror.

It'll still be a problem if Zombie Teddy Roosevelt steals your phone, but how likely is that...

So you now have a cell-phone that's only useful near mirrors.

Just make sure you don't venture too far from Mt. Rushmore.

Re:Solution (0)

Anonymous Coward | about 2 years ago | (#40363991)

Well, my phone has a pretty reflective screen. I use it as a mirror for cosmetic purposes, and, at the fast food places I work, I hold it above my head to see down into the pop machine's ice holder to see how full it is. Anyways, you don't really need a mirror, you just need another $300 phone.

Re:Solution (2)

jgeiger (1356045) | about 2 years ago | (#40364117)

Use someone *else's* face as your unlock.

Like Teddy Roosevelt.

And then put that picture as your login screen, so it'll log you in if you point at a mirror.

It'll still be a problem if Zombie Teddy Roosevelt steals your phone, but how likely is that...

So you now have a cell-phone that's only useful near mirrors.

And completely useless if you're a vampire.

Re:Solution (0)

noh8rz3 (2593935) | about 2 years ago | (#40363741)

Wow, that's a good idea. Can anybody else try this and say if it works? I have an iPhone so I don't know.

Although, fatal flaw: what if you don't have a mirror nearby when you want to use your phone?

Re:Solution (1)

kanto (1851816) | about 2 years ago | (#40363899)

I'm reading these "ideas" and starting to think that /. should have a urine test for posters.

Possible solution... (3, Insightful)

FridayBob (619244) | about 2 years ago | (#40363311)

Equip the phone with two or more cameras so that the user's face can be verified in 3D, thus making it a lot harder to fool the system with one or more 2D pictures.

Re:Possible solution... (1)

Anonymous Coward | about 2 years ago | (#40363529)

Wrap a photo around a tennis ball as a circumvention?

Re:Possible solution... (0)

Anonymous Coward | about 2 years ago | (#40363751)

Better would be to use a Kinect-like system with 3D depth sensor. Of course those systems don't work well in the sun or any time there is a strong infrared source nearby.

So what? (1)

ettusyphax (1155197) | about 2 years ago | (#40363325)

It can also be bypassed by anyone with a computer, and so can those other "security methods." Actually, calling them "security" is a bit of a misnomer - it's more like a temporary privacy screen. Next you'll be telling me my laptop is insecure because someone could chop off my finger and use it to log in to Windows with my fingerprint scanner - yeah, or they could use any one of a thousand boot discs that bypass the Windows log-on process entirely. The face scanner, like the finger printer scanner (when set up for Windows log-in, not as part of a PKI or similar) is just an ease-of-use thing designed to keep your co-workers from picking up your phone or laptop and seeing all that Lego porn you've got on there.

Doh! (0)

Anonymous Coward | about 2 years ago | (#40363335)

How do you think they QA'd it? With real people! Ha HA hA!

CAPTCHA = acetone

Um (1)

Jethro (14165) | about 2 years ago | (#40363345)

That... uh... so you're tricking the phone into thinking it's seeing you by showing you a picture of yourself which I assume looks like you?... it's not exactly supposed to be doing a retina scan.

This is old... (0)

Anonymous Coward | about 2 years ago | (#40363363)

..you can do this to all laptops using the same trick

probably because the photo becomes so general that after awhile it has a very high tolerance

but as said, this is old news

Why not face unlock plus pin (1)

esten (1024885) | about 2 years ago | (#40363365)

Since most pin/swipe patterns are limited in security why not combine face unlock with a pin. Add a little security without much hassle for user.

Solution: Silly faces! (4, Funny)

LordRobin (983231) | about 2 years ago | (#40363369)

There's an easy solution! Just cross your eyes and stick out your tongue when taking the security image! Of course, the people on the bus might think you're a little looney each time you unlock your phone, but that's the price you pay for security!

------RM

Re:Solution: Silly faces! (2)

gbjbaanb (229885) | about 2 years ago | (#40363813)

and what's more - you can't accidentally unlock the phone just by picking it up, which could be awkward if you're on the bus and the person behind/next to you sees what you were doing with it before it locked last....

Old news - Also, not a real issue. (1)

Petron (1771156) | about 2 years ago | (#40363381)

As seen on Youtube [youtu.be].

and not just Samsung Galaxy S3, but any phone with Android 4.0 (ICS) with face unlock active. My EVO 4g LTE can be fooled the same way, but what are the odds that some random person just happens to have a picture of me? It's more likely they could guess my pin/pattern.

Informed decision? (4, Insightful)

astrodoom (1396409) | about 2 years ago | (#40363385)

No information on the test they performed whatsoever, no shots of the photos used, no information on how they overcame (or if they did at all) the supposed blinking requirement. This news site has a low opinion of their readers to not even include the simplest information.

Something Tells Me a Face (Even if Trickable) is (1)

MikeyC01 (231948) | about 2 years ago | (#40363455)

Still more secure than PINs of 1234, 0000, etc and passwords of (well) "password", "god", "joshua", etc

Someone is telling you (2)

Anonymous Coward | about 2 years ago | (#40363715)

that starting your post in the subject and continuing in the body is bad form.

By "someone" I mean me.

With this reply.

Don't do it.

Ever.

Last I checked.... (4, Informative)

SIR_Taco (467460) | about 2 years ago | (#40363465)

Last I checked on my Samsung Galaxy SII (with ICS 4.0.3), the "Face Unlock" feature was aptly labeled as "Low Security, Experimental".

The only item marked as "High Security" is the password option.

I don't have an S3, but from what I've read the UI/OS version is pretty close at the moment (4.0.3 vs. 4.0.4). And I do believe, correct me if I'm wrong, that "Face Unlock" is still labeled the same.

It's more trouble... (1)

The Grim Reefer (1162755) | about 2 years ago | (#40363469)

Than the simple slide lock. I know a few people who use a PIN to lock their phone. But most people I know do not, including myself. I would think the face recognition would be the equivalent of a slide lock. And depending on how it works, perhaps more convenient (I never saw how it works on the phone). Was it advertised as a way to keep the NSA out of the phone? Or as a replacement for a keeping you from butt dialing people? If the latter, then I don't see the problem.

Re:It's more trouble... (0)

Anonymous Coward | about 2 years ago | (#40363805)

Than the simple slide lock. I know a few people who use a PIN to lock their phone. But most people I know do not, including myself. I would think the face recognition would be the equivalent of a slide lock. And depending on how it works, perhaps more convenient (I never saw how it works on the phone). Was it advertised as a way to keep the NSA out of the phone? Or as a replacement for a keeping you from butt dialing people? If the latter, then I don't see the problem.

The problem is if you're ugly enough that your butt and your face are indiscernible from one another... back to slide to unlock.

improve with pin (1)

kipsate (314423) | about 2 years ago | (#40363575)

Security can easily be improved by the use of a 4 digit pin-code which is to be tattooed to the forehead of the owner and automatically read using OCR.

What's the problem? (1)

Fuzzums (250400) | about 2 years ago | (#40363581)

With the SII it also works. I took a picture with one phone and showed to the other phone to unlock it.
That works. No problem.

But I think it's also marked as insecure, so this wasn't really a surprise actually.

Apple fans are shocked... (0)

Anonymous Coward | about 2 years ago | (#40363601)

...their device would never recognize a face from a mere photograph!

Security 101 (1)

Anonymous Coward | about 2 years ago | (#40363657)

Something you are...
Something you have...
Something you know...

Of course it's only using a single camera! (1)

Anonymous Coward | about 2 years ago | (#40363681)

Of course you can unlock with a picture of the user! I have not seen this particular model from Samsung but if it is like most other smart phones it only has a single camera. It is doing face recognition on 2 dimensions, which though powerful, has its limitations.

To the phone the whole world only has two planes!

The best solution to this would be to use 3-D face recognition, which would involve having two cameras on the phone side by side, to do stereo imaging.

Of course this is not foolproof either, because you could use a bust (sculpture) of a person to trick it as well. But unless you're an old European dude or a founding father it's highly unlikely.

Face unlock is not a security feature (4, Insightful)

Anonymous Coward | about 2 years ago | (#40363697)

It's not a security feature and it should not be. It's there for convenience, nothing more.
It's just like slide to unlock, but all you have to do is look at the camera and voila :)

That's an easy one! (0)

Anonymous Coward | about 2 years ago | (#40363907)

Just do a funny face when setting up your unlock picture.

Why even report this (0)

Anonymous Coward | about 2 years ago | (#40364065)

This has been reported before, when Face Unlock first came out, and it's not like there's been a new release of it touting better security or anything. Google advises this is low security. Why is this news?
