Galaxy S8 Facial Recognition Can Be Bypassed With a Photo (Demo)
Earlier this week, the Samsung Galaxy S8 line of devices was announced with tremendous fanfare. The Galaxy S8 serves as a symbol of Samsung’s comeback story following the Galaxy Note 7 debacle. In my opinion, the pros of the Galaxy S8 outweigh the cons. However, there is one specific con that has been making headlines today.
Early reviewers of the Galaxy S8 discovered a security flaw in the facial recognition feature. As you probably know, the facial recognition feature allows you to unlock the phone by looking at the front-facing camera. And the facial recognition technology in the Galaxy S8 is so sophisticated that it can unlock the device faster than a fingerprint. But Periscope user MarcianoPhone learned that the facial recognition feature could be fooled by using a photo of the phone’s owner. Here is a clip from that video via YouTube channel iDeviceHelp:
You will notice in the video that it takes a little longer for the Galaxy S8 to unlock when a photo is used, but it still poses a risk compared to other biometric and security features. It is also interesting that the Galaxy S8 facial recognition feature was tricked by a selfie taken from a different Galaxy S8. Hypothetically, this means that the Galaxy S8 could be unlocked even if the owner was sleeping.
Samsung has acknowledged that the facial recognition technology is not intended to be a security feature, but rather another way to get to the Home screen, as an alternative to Slide to Unlock. “Facial recognition is a convenient action to open your phone – similar to the ‘swipe to unlock’ action,” said a Samsung spokesperson in a statement sent to BusinessInsider. “We offer the highest level of biometric authentication – fingerprint and iris – to lock your phone and authenticate access to Samsung Pay or Secure Folder.” The Galaxy S8 even recommends that users setting up facial recognition consider the fingerprint or iris scanners instead, because facial recognition can be tricked by images that look similar to your face. Forbes contributor Paul Monckton pointed out that Samsung also acknowledges the risks of the facial recognition vulnerability by preventing it from being used to authenticate online payments through Samsung Pay.
Microsoft also has a proprietary biometric authentication system called Windows Hello. However, Windows Hello has been able to accurately distinguish between identical twins. Windows Hello also offers an optional feature that requires the user to turn his or her head to the left or right before the device unlocks, so flat photos should not be able to spoof this system.