Home

Share this Story

Galaxy S8’s Face Unlock Might be Just as Bad as Android 4.0’s

galaxy s8+ tour

On stage during the unveiling of the Galaxy S8 and Galaxy S8+, Samsung detailed a security feature similar to one found in Ice Cream Sandwich – Face Unlock. With it, users simply hold their face up to the phone, the phone recognizes the user, then unlocks the phone. However, much like the original Face Unlock, Samsung’s implementation might be just as easily tricked into unlocking the phone for an unwanted user.

As detailed in a Periscope video posted by an attendee of this week’s unveiling in New York City, a simple selfie photo on a separate device was able to fool Samsung’s face recognition security feature and the phone was unlocked.

Frankly, this is disheartening, considering the same technique was used to bypass Google’s implementation more than five years ago. To help bolster the security measure, Google added in a liveness check, which required users to blink during the process. This meant that a still photo would not work. As of today, this security option is no longer present on Google devices.

It should be noted that Samsung seems to know Face Unlock may not be the best option for fans of security. As Arstechnica details, it’s the only biometric option that won’t authorize Samsung Pay purchases. That’s a good thing, since you wouldn’t want a selfie of yourself charging amounts of money to your credit card. No one would believe a story like that.

As we’ve always suggested, a simple PIN or password can be quite secure, or use the iris scanner and fingerprint. There’s plenty of other options available on the Galaxy S8.

To see a selfie fool the Galaxy S8, follow the Marcianophone link below, then skip to the 6:30 mark and watch it get performed repeatedly.

Via: Arstechnica | Marcianophone
  • You say, “As of today, this security option is no longer present on Google devices,” but I think that’s an overstatement. I noticed it (“Trusted Face”) today in my “Smart Lock” after I had factory reset my Pixel XL back to stock 7.1.2. Since then, I’ve setup Microsoft Outlook (which forces itself as a device administrator), and the “Trusted Face” has disappeared as a Smart Lock option. So there might be apps that, as Device Administrator, can request Android to turn it off, but it’s still there – just like it was in Android 5.0.

    After a little bit of Googling, it’s clear that the Face Unlock story is much as you describe it for Android 4.0 – with the option disappearing after blink detection was added as an experiment. But the new part is that it came back, as “Trusted Face”, ever since Android 5.0 and it’s still in there (just apparently with some ability to be toggled off). If you don’t see it on your device, then try turning off your device administrators. It might come back.

    CONFIRMED: After a little more Googling, it looks like Trusted Face can get turned off by the use of certain types of encryption and storage of certain credentials. It’s likely that Samsung is just making use of the same Trusted Face that still resides in 7.1.2, and it will likely get automatically turned off if you connect to certain networks or install certain applications. This isn’t new — just standard Android.

  • Aprilvhurst

    Google is paying 97$ per hour! Work for few hours & have longer with friends and family! !dh242c:
    On tuesday I got a great new Land Rover Range Rover from having earned $8752 this last four weeks.. Its the most-financialy rewarding I’ve had.. It sounds unbelievable but you wont forgive yourself if you don’t check it
    !dh242c:
    ➽➽
    ➽➽;➽➽ http://GoogleFinancialCashJobs532ShopFoxGetPaid$97/Hour ★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫::::::!dh242c:….,……

  • mcdonsco

    Has face unlock EVER worked well?

    • ctk4949

      Windows Hello, face unlock works great.

  • schoat333

    My Nexus 6 still has facial recognition. Works great.

  • Evron

    After using the Note 7 from launch till finale recall, the iris scanner is very fast and would be a solid alternative for the fingerprint scanner.

  • Daistaar

    As a heads up, using Facial Recognition will NOT be a viable option is using Enterprise Mail. Exchange users will not be able to use FR as a viable lock method. It does not meet the complexity requirements needed to allow Exchange mail with Management Software (EMM, MDM, MAM).

  • Tyler

    I would just use a PIN but I don’t understand why Android/Samsung STILL make you press OK after typing the PIN in instead of just going straight to the home screen!

  • mcdonsco

    There is only ONE thing between the G6 and S8 that may get me to go S8 (doubtful though): AMOLED vs IPS.

    Why does anyone use LCD’s for mobile devices anymore? They suck, universally compared to AMOLED.

    I would also say 835 vs 821, but Samsung’s skin will negate any and all benefits there.

    • Austin

      Actually, LCDs are objectively better in the sense that they do not suffer from burnins like LEDs

      • mcdonsco

        I’ve owned a TON of devices both lcd and amoled and I’ve yet to see or have a single issue with burn in. I have however noted that EVERY lcd I’ve ever had LIGHTS UP THE ENTIRE SCREEN EVEN IF ALL THATS ON IT IS A TINY CLOCK…AMOLED doesn’t do that.

        But, I suppose if your someone that keeps the same image lit up all the time on your phone and you keep your phones for 3-4 years, sure, maybe that would be a concern.

        • Austin

          I’m going to make the assumption that those devices are Samsungs that don’t use a static nav bar, a nav bar that stays there and doesn’t deteriorate along with the rest of the screen. Even on my Note 4, there’s a small burn in.

          Yes, you’re right, it will light up the entire screen, but it’s so dim that it hardly matters. It’s a safer display that will not decay.

          Also, **you’re.

          • mcdonsco

            Grammar Nazi ehh? Guess if you can’t be right in your initial post at least you can correct someone.

          • Austin

            I also made a point that you seemed to entirely ignore. It was a side note that I wanted to correct because you, like your point, are wrong.

          • mcdonsco

            I didn’t point it out because I generally don’t argue with morons that try to point out how somebody else’s opinion or preference is wrong because it differs from theirs.

            And if you want to continue this thread you’ll be doing it by yourself.

          • Austin

            Alright, that’s fine; there’s a few things I’d like to address.

            Your ad hominem proves that you know you’re wrong and reveals your immaturity.

            Second, I was pointing out something I had learned because LEDs *do* suffer from burn ins and I was saying that LCDs are better *only* in that sense. Check my wording and you’ll see that’s exactly what I meant. I do prefer AMOLEDs because of the contrast and color. However, in pointing that out for a healthy discussion, you decided to attack my own intelligence with your belligerence. I fail to see how I’m the “moron” in this situation when you clearly overreacted to my simple comment.

  • Chad

    Is this face unlock completely different than the Iris Scanner?

    • New_Guy

      Yes it is. The Iris scanner actually uses IR to scan the back of your eye and detects the vein patterns to see if they match yours. Pretty cool stuff.

    • Ralph Macchio

      yes

  • xzero425x

    The verge said it works so well they had a hard time recording it -_- WHAT ONE IS IT

    • New_Guy

      Gotta read the article. It’s not that it doesn’t work well, but it can be easily fooled. Facial recognition is more for convenience than true security. It has always been the least secure method and continues to be so.

      This is why FR cannot be used with Samsung Pay.

  • Michael Bassett

    Use a pin or password, if anyone (police?) want access to your phone they’ll force your face up to it or your fingerprint. They will strap someone into a chair to draw blood from their body in a DUI suspicion they’ll do that to get rid of evidence of them being filmed or to share any home “movies” you made with your GF with the whole force.

    • chris_johns

      exactly…#staywoke

      but seriously, people dont know this, and this is why ill never use any of these stupid bio methods to unlock a phone when a quick pin or pattern swipe will do it for me…plus dont want my girl opening my phone while i sleep with my hand or face or w.e lol

    • meh…

      More likely they’ll just show the phone a picture of you, which will defeat the lock.

    • Prototype

      Can’t defeat the gf example below, but having encryption does at least make it so that once you phone’s been powered off no one can get it back up without the password. Fingerprint unlock is pretty convenient, and there’s nothing time-sensitive that I’m worried about a warrant getting access to, but I agree that it is still an annoyance.

  • Lucky Armpit

    I don’t care, I didn’t plan on using it anyway. Assume 99% of GS8 customers won’t either.

  • MichaelFranz

    meh….this is ultimately just a gimmick. And its fine. Long story short. Don’t lose your phone. Additionally there can be some programming to use both Iris and Facial recog in a step 2 phase. While facial recog relies solely on the image of a face you can use both that system and the Iris system to recognize movement before unlocking. Whether it be a blink of the eyes, or movement of face from gesture (smile, frown, mouth movement).

    • IthinkIknowButIDK

      Better question is probably to ask who’s going to lose their phone while the thief has their selfie lol. I guess only a spouse/significant other would be in a position to unlock the phone with this facial scanner but if you’re hiding things from your spouse on your phone, then you probably deserve for them to let that stuff out of the bag.

      • MichaelFranz

        Samsung, convincing you not to have side chicks so your girl unlock your phone with your face and catch you. LOL

  • T4rd

    Wow, I totally forgot about face unlocking. I just set it up again and it’s perfect while sitting my my desk stand so I don’t have give my 6P a reach around (sorry, had to XD) to unlock it with my finger.

  • JSo

    “As of today, this security option is no longer present on Google devices.”

    Well we still have Trusted Faces, which is pretty much the same thing right?

    • Myrdrid

      Yes, it is the same thing. But, Google’s version requires you to blink.

      • JSo

        Trusted Faces is Googles version. The old face detection did require you to blink. Does it still require you to blink? If so, it doesn’t tell you to

        • roberto.elena

          It doesn’t, I’ve checked it right now with a Pixel XL.

      • roberto.elena

        No it doesn’t. I’ve set up trusted face literally now to check if this was true.
        Maybe it uses other security features to check whether it’s looking at a real person or a picture, but blinking is definitely not one of them.

    • Dan

      Hey, these are the experts writing this stuff, if they say it’s not there it’s not, despite just using it to unlock my phone…

  • friguy3

    Why not have the facial recognition have a time out feature, it cant be used if phone is locked for 30min+

    • New_Guy

      I actually like that idea a lot. You need to put in an application…

      • meh…

        Why bother? Samsung doesn’t update their devices.

  • MJ

    I have no idea why anyone would use facial or iris detection when a fingerprint reader is easier and faster to use.

    • steadymobb

      on the s8 that might not be the case

      • MJ

        Huh?

        • steadymobb

          the location of the fingerprint scanner. I feel as though a lot more people will be using the Iris scanner.

          • MJ

            I agree the fingerprint scanner location sucks on the S8 but I would be more likely to get a different phone than give up using a fingerprint scanner.

    • IthinkIknowButIDK

      dirty hands while eating wings?

      • MJ

        Why are you unlocking your phone if can’t touch it?

        • IthinkIknowButIDK

          to see a notification using your knuckle lol. We’ve all used our phones with dirty hands. Here’s one for you if you don’t buy that train of thought…what do you do if you’re wearing a glove while walking outside in the cold? You take off your glove to unlock your phone? Enter your PIN? If you don’t like this feature, don’t use it, secure or not, but don’t question other people’s uses since clearly their market research (good or misleading/bad) told them its worthwhile adding.

          • MJ

            What?

            The last two phones I have owned shows notifications right on the lock screen and have the double-tap feature.

            No, I don’t have to take my gloves off in the winter as touch gloves have been a thing for years now.

            I didn’t question anyone’s perference but expressioned my opinion. YOU replied to me and questioned that opinion. #facepalm

        • Daistaar

          https://youtu.be/Q2TtdM4iI5k?t=23s

          You’re welcome 😉

          • MJ

            Oh, it’s for rude people who answer their phone while sitting down and eating with others. How come no one wants to answer where their paper towel/napkin is?

          • Daistaar

            Depends on the setting. Barbecue, it should be under your plate. At a restaurant should be on your lap with no phone in sight and if it must be answered you step away from the table. However, I’m not going into etiquette. Just thought it was funny that this exact scenario had a solution by Samsung years ago.

            I hear you though that people are generating issues to mitigate the solution instead of the other way around.

          • Eric R.

            And that solution no longer exists.

    • Logic says…

      I know people who wear gloves.

      • MJ

        24/7? I use the PIN back up when outside in the winter.

        • Logic says…

          Not all gloves register.

          • MJ

            No kidding…

          • Logic says…

            Yeah, no kidding.

          • MJ

            Touch gloves have been a thing for years now….

          • BryceAlmighty

            To be fair, most touch gloves don’t offer adequate protection against -40C weather here in Canada on the prairies, so they’re not an option for everyone.

          • MJ

            Nothing is the best solution for every situation but for 99% of use cases a fingerprint scanner is more convenient and faster which is my point.

          • Trooper311

            Agreed 100% Also, Samsung sucks.

            That is all.

          • M­a­n­y p­e­o­ple w­a­nt t­o ha­v­e a go­o­d earnings at their, bu­t t­he­y do­n’t kno­w ho­w t­o exactly d­o th­at o­n th­e Int­ernet. Th­ere ar­e a many w­ays t­o ea­rn large am­ount of mo­ney, b­ut wh­enev­er p­eopl­e t­ry th­at the­y g­et tr­app­ed in a s­cam, So I am sh­aring wi­th yo­u a g­enuine an­d gu­arante­ed w­ay f­or fre­e to ea­rn hug­e am­ount of mon­ey a­t ho­me.I am making atleast $10000 per month since a whole year.Its an internet work and also not hard to do, Even a little boy or girl can do this work and make money. If you want a happy and wealthy life then you need to copy and paste this web site in browser and then follow instructions to get started right now and make Thousands Using the internet……….. http://ipt.pw/mMWmmZ

          • mcdonsco

            My guess is very few human beings live in such conditions and thus there isn’t enough of a market to justify creating something that would work well.

          • BryceAlmighty

            Actually, the reason I thought of this in the first place was because in Samsung’s marketing material, they showed off people using the iris scanner in snowy areas, so it seems they developed this at least with the idea that someone in such a situation would find it useful.

          • Aprilvhurst

            Google is paying 97$ per hour! Work for few hours & have longer with friends and family! !dh242c:
            On tuesday I got a great new Land Rover Range Rover from having earned $8752 this last four weeks.. Its the most-financialy rewarding I’ve had.. It sounds unbelievable but you wont forgive yourself if you don’t check it
            !dh242c:
            ➽➽
            ➽➽;➽➽ http://GoogleFinancialCashJobs532ShopFoxGetPaid$97/Hour ★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫★★★✫::::::!dh242c:….,…..

        • thereasoner

          Wouldn’t iris be faster? and it wouldn’t matter what kind of gloves you are wearing.

          • MJ

            I suppose it would but use a phone with gloves on (with are touch gloves) only a handful number of times a year. Fingerprint scanner faster the other 99.9% of the time.

          • thereasoner

            Personally, I’m fine with FP as well the vast majority of time but it’s nice to have options when FP won’t do. Don’t think I’ll ever use face recognition though but iris sounds good.

    • friguy3

      Wife has small hands…cant reach the finger print reader on the back placement of the s8’s.

      • MJ

        What? LOL

        • friguy3

          shes 5′. You cant reach the finger print reader all the way up the back

          • MJ

            Did you mean 5″? Otherwise, yes she can if she knows how to hold a phone properly with one hand and use a fingerprint reader. If she has two hands even easier…

          • friguy3

            No 5′ (thats feet), 5″ is 5 inches. and if you hold the phone you cant get the finger up there, you need to shimmy a little and then shimmy back (The ones with a finger print reader lower are much easier to get to). She tried with my note 5 (yes it is wider) but she doesnt even come close.

          • MJ

            I know what feet and inches are but thanks…. Your comment only makes sense if she is 5 inches tall. I agree the fingerprint location is horrible on the S8.

          • T4rd

            It shouldn’t be hard to believe she can’t reach it.. most phone reviewers have even said it’s a stretch to reach (esp. on the S8+) and Samsung’s own video demo’ing it shows the user having to hold the phone with two hands to reach it comfortably.

          • MJ

            It’s NOT if you hold it right (balance it on your hand). LOL I should make a video and post it. Again, two hands also is a thing. I agree it would be more difficult with a S8 and would just buy a different phone if it was that much of a problem. I can unlock my phone before even take it out of my pocket so a facial/iris scanner seems like a step back to me.

    • BryceAlmighty

      I understand why people may not use the fingerprint scanner, since it’s in an inconvenient position on the phone (some people may not be able to reach without some crazy hand gymnastics) and gloves can interfere, but since there is an iris scanner present I’m not sure what the benefit of using facial detection is over the iris scanner.

    • Tyler Durden

      Literally every single video says how horribly placed it is. Fingerprint isn’t working for anybody.

      • thereasoner

        Turn your hand over and look. No need to fumble blindly and or smudge the camera. I’m sure that once people get used to it looking won’t be necessary. That and a case with separate cutouts for the camera and FPS should help as well.

        So much drama over something so trivial.

        • dblock

          First world problems at their finest with this whole S8 FP scanner fiasco. It’ll take a week for people to get used to that placement. People seem to underestimate the ability of the human body to learn new movements and commit them to muscle memory.

          • thereasoner

            Agreed. The Samsung haters are going to go with whatever criticism they can muster though and writers are going to capitalize on that for clicks.

    • matt0815

      why is a fingerprint reader faster or easier to use? Holding a phone in front of your face is probably the fastest and easiest way to unlock a phone…

      • MJ

        No… Dude, I can unlock my phone before I even take it out of my pocket.

    • General Pepe

      every single reply you’ve made to people is you’re doing x y z wrong, therefore it’s invalid. either quit sucking Samsung’s hole and be or leave your snarky replies at the door.

      • MJ

        No… I am making an counter argument to people who REPLIED to me. You are just saying words you would never say to my face because you would get your ass beat like a girl. FYI I have never bought a Samsung product in my life expect for the Galaxy NEXUS. I am advocating fingerprint scanners NOT the S8 moron.

        BLOCKED

        • General Pepe

          lmao what a crybaby. If telling you to stop kissing Samsung’s ass triggers you, then you have some major issues.

    • FingerFace_Pro

      fingerprints and faces can be 3D printed.
      an NO company will change this.
      it’s just UNSAFE security options.

      • MJ

        Yes, no unlock mechanism is 100% secure and it’s usually game over for anything when one has physical access. What’s your point?

    • cdm283813

      Because the location of the fingerprint reader sucks.

      • MJ

        Damn, you are late to the party. Sorry, but we are not starting over just for you.

    • thereasoner

      There was a story a few weeks back about a kid who unlocked a napping parents phone by gently placing the Touch ID underneath his Mom’s finger. The kid then went on to charge up quite the bill with in app purchases while playing games. The same could be done with facial recognition as well I suppose but some are saying that a facial expression could be added, like a wink or something, making a static picture or sleeping person useless.

      That said, iris is obviously still the most secure and I think that Samsung realized that when they decided to not allow facial recognition to work with Samsung Pay.

      • MJ

        No method is 100% secure but a 6 diget pin is the most secure.

        • thereasoner

          Pins can be defeated by brute force hacks, I’ve never heard of iris being hacked yet.

          I use an 8 digit pin on my Pixel every time I restart the device and FP the rest of the time but I would welcome Google adding iris in a future release, if not for security than for those times when FP isn’t as convenient.

          • MJ

            Oh no! Like I said, nothing is 100% secure and yes, if one has physical access to the device in question game over.

    • demarcmj

      I have a Nexus 6. No fingerprint reader.

      • MJ

        Ummmm Sorry???

        • demarcmj

          You said “I have no idea why anyone would use facial or iris detection when a fingerprint reader is easier and faster to use.” I was giving an idea 🙂

          • MJ

            Yeah, but the Nexus 6 doesn’t have a facial or iris scanner either.

          • demarcmj

            It has facial. That’s built into android.

          • MJ

            Oh yeah… I would use a pin personally.

          • demarcmj

            I have a pin too as a backup. Between the face, trusted locations, trusted devices, etc. I rarely have to enter it though.

    • dblock

      I thought the same as you until I actually tried the iris scanner on my Note7 when I had it. Pretty much as long as you are looking at your phone when you turn the screen on, it unlocks the phone immediately, you really don’t even see the gimmicky iris scanner window at the top most of the time. It works quite well, and on the Note7 where you had to turn the screen on to use the FP scanner anyhow, coupled with the fact that Samsung’s FP scanners are usually crap to begin with, the iris scanner ended up being my preferred method and was faster.

      TL;DR, I’d say try the iris scanner before saying you have no idea why anyone would use it. Unless of course you have tried it and still legit have NO idea why anyone would use it, despite having replies here tell you why people would use it.

      • MJ

        My point is I can unlock my phone before I even take it out my pocket with a fingerprint scanner. Why would I want to even try an iris scanner which would be a step back? Good point on the Samsung fingerprint reader which could be crap as I never used one and while they have moved it to the back now it is in a bad location.

    • MH

      Iris detection (on the note 7) was almost instant…..just as quick as the fingerprint reader assuming you’re looking at the screen and have reasonable hand-eye coordination.