Galaxy S8 Facial Recognition can be Bypassed With a Photo

Zarathustra[H]

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
38,819
If you plan on getting one of those sharp looking new Samsung Galaxy S8 phones, you might want to think twice before utilizing the face unlock feature. iDeviceHelp has posted a video on YouTube showing that the face unlock feature can me fooled with a picture.

I had thought that this shortage in phones and face unlocks had already been overcome through the use of movement, and the requirement to capture the face from multiple angles. The video does state that maybe they were dealing with a problem with pre-release software. Let's hope that is the case. With the awkward position of the fingerprint sensor on the S8, chances are good that a lot of people might want to use face unlock.
 
I feel like the earlier samsung phones that had this feature also could be. Facial recognition is a convenience not a security feature.
 
and what about girls, with hair and make-up and all those things, do they get forever locked from their phones after they go to the salon?
 
They should make the phone recognize that it's a picture of the person that's trying to fool the security then have the battery overheat and melt the phone. Probably not too hard for Samsung to pull off . . .
 
D4rkn3ss said:
and what about girls, with hair and make-up and all those things, do they get forever locked from their phones after they go to the salon?
Click to expand...

Typically with any biometrics, you still have a pin or underlying password. The biometrics are just a shortcut. If your biometrics stop working and you have forgotten your password, you may be in trouble though.
 
Zarathustra[H] said:
Typically with any biometrics, you still have a pin or underlying password. The biometrics are just a shortcut. If your biometrics stop working and you have forgotten your password, you may be in trouble though.
Click to expand...

somehow i see this coming :p
 
Darunion said:
I feel like the earlier samsung phones that had this feature also could be. Facial recognition is a convenience not a security feature.
Click to expand...

It's the reason face unlock was removed from S6/S7 official roms.

I'd be surprised if the official version has it. They'll probably patch it so it's disabled.


D4rkn3ss said:
and what about girls, with hair and make-up and all those things, do they get forever locked from their phones after they go to the salon?
Click to expand...


Nah, because they can't actually change the proportions of their face (eye distance/mouth). The camera isn't really looking at the person as it is measuring the features of the person.
 
The next iteration of the security feature will be better, based on facial structure + movements. Then, to hack, 3D models would need to be able to mimic the facial motion password - video wouldn't even help, unless it was video of the appropriate motions.
 
It don't matter, the phone's real security feature, the one that isn't rated as "Low", is the Iris scanner which can't be fooled by a picture. The facial recognition isn't supposed to be used as a security feature.
 
If there is an iris scanner then why is there facial recognition? Seems redundant in function. Either way even exploitable security is still better than nothing for many people as they still stick to swipe to unlock because its easiest.
 
Yeah I don't get why anyone would be using the facial recognition when the iris scanner should be just as easy. Honestly I'm surprised samsung even included facial recognition.
 
If you aren't going to do something right, don't do it at all. People will get a false sense of security.
 
iPhone Fingerprint scanners could be bypassed with wood glue. There's always going to be a way around everything.
 
Biometrics on all phones can be bypassed trivially easy. This isn't really news, anyone who thinks the low end fingerprint reader or face scanner on a cellphone is secure on any level is a fool.
 
Why are people surprised? It is his face after all. It will be surprising if someone unlocks it with an adult toy where it is suppose to be a face.
 
Dekoth-E- said:
Biometrics on all phones can be bypassed trivially easy. This isn't really news, anyone who thinks the low end fingerprint reader or face scanner on a cellphone is secure on any level is a fool.
Click to expand...

Last time I read the latest iteration of Apples touch ID is very hard to crack?
 
Zarathustra[H] said:
Typically with any biometrics, you still have a pin or underlying password. The biometrics are just a shortcut. If your biometrics stop working and you have forgotten your password, you may be in trouble though.
Click to expand...
This is contingent upon not being a very talented Android developer or having one or more of those as friends. Samsung is more of a pain to do it on but with HTC, LG, Huawei, etc it's much easier. Need a good reason to though, is not quick or easy.
 
aokman said:
Last time I read the latest iteration of Apples touch ID is very hard to crack?
Click to expand...

Who cares about facts? Just throw out some random nonsense and run with it.
 
aokman said:
Last time I read the latest iteration of Apples touch ID is very hard to crack?
Click to expand...

Without linking some ill informed piece of journalistic garbage, please show me an actual security comparison against actual top grade biometric scanners that cost thousands of dollars by themselves. I don't particularly care what Apple or some paid journalist claims. I know based on historical facts that sensors in all phones have been crap and there is essentially zero chance of a $50 sensor being on par with a $1000 sensor. They may have patched the worst software holes from the previous generation, but it is only a matter of time before new ones are found in this one. The top end sensors don't cost what they cost because of "beats" style name recognition.
 
Dekoth-E- said:
Without linking some ill informed piece of journalistic garbage, please show me an actual security comparison against actual top grade biometric scanners that cost thousands of dollars by themselves. I don't particularly care what Apple or some paid journalist claims. I know based on historical facts that sensors in all phones have been crap and there is essentially zero chance of a $50 sensor being on par with a $1000 sensor. They may have patched the worst software holes from the previous generation, but it is only a matter of time before new ones are found in this one. The top end sensors don't cost what they cost because of "beats" style name recognition.
Click to expand...

Oh and you don't have to prove anything? How convenient.
 
-Strelok- said:
Oh and you don't have to prove anything? How convenient.
Click to expand...

Not when there is already established data that shows phone biometrics are not secure on any level. Burden of proof falls on those claiming that these are somehow the exception to already established and proven fact.
 
Name 1 article where the iPhone 7 touchID has been hacked or hacking event. Since the implementation of Apple Pay, Apple have seriously stepped up its security even down to the internal communcation level which is when all that bad PR happened about using a touchID sensor other than the original one that came with the phone.
 
Dekoth-E- said:
Not when there is already established data that shows phone biometrics are not secure on any level. Burden of proof falls on those claiming that these are somehow the exception to already established and proven fact.
Click to expand...

If it's so easy to find, how about you provide a link? Thanks.
 
You must log in or register to reply here.
Back
Top