There are a bunch of ways you can try to prevent folks from unlocking your phone without your permission. Most phones let you set up a numeric code, or PIN, that you can enter. Some let you use an alphanumeric password. Or you can require the user to swipe a pattern across the screen. And some newer phones support fingerprint, facial recognition, or even iris scanners.

Samsung’s new Galaxy S8 phones have pretty much all of the above, but some are arguably more secure than others.

Case in point? At the Galaxy S8 launch event, one person was able to unlock a phone just by showing it a picture of his face.

Theoretically, that means anyone who wants to use your phone without your permission could just show it a picture (or point it at your unconscious or unaware face).

Fingerprint sensors and iris scanners could have similar issues: while it might not always be easy, someone could theoretically force you to touch or look at a phone to unlock it, while beating the password or PIN out of you might be more difficult.

But that’s one of the challenges that comes with balancing security and convenience. On the one hand, fingerprint or facial recognition isn’t necessarily as secure as a long password or complicated swipe pattern. On the other hand, how many hoops do you want to jump through to unlock your phone dozens of times each day on the off chance that something that’s moderately inconvenient for you is very inconvenient for a thief or spy?

Generally speaking, I think biometric security is a good thing since it encourages people who might not otherwise use a password to protect their phone to at least use something. But it’s probably worth pointing out that while many of the new security features showing up on smartphones may include some nifty technology, they’re largely designed to enhance convenience rather than security.

It is worth pointing out that the use-a-photo trick doesn’t necessarily work with all devices that support facial recognition. Microsoft’s Windows Hello requires an infrared camera, which helps it detect the difference between a real face and a photo.

via /r/Android


3 replies on “Samsung Galaxy S8 face recognition can be tricked by a photo (balancing security and convenience is hard)”

  1. Some article comparing the S8 and iPhone 7+ considered retina recognition as a clear advantage. I felt it was a bad gimmick, not invisible enough to use compared to pushing a fingerprint sensor~button. A weird bad SF vibe. Now this obvious hack…

    They need to go back to the design board deep this time.

  2. Yes, it is a pain in the ~!@#$% to use a password (not PIN) to unlock a phone but it is much more secure. You are encrypting the data on your phone aren’t you? You can be compelled to look at your phone or place your finger on a reader but you cannot be compelled (by law enforcement) to give up your password (something you have instead of something you know). Setting up your phone to allow responses to texts/IMs without unlocking does mitigate the problem to some extent.
