On stage during the unveiling of the Galaxy S8 and Galaxy S8+, Samsung detailed a security feature similar to one found in Ice Cream Sandwich – Face Unlock. With it, users simply hold their face up to the phone, which recognizes the user and then unlocks. However, much like the original Face Unlock, Samsung’s implementation might be just as easily tricked into unlocking the phone for an unwanted user.
As detailed in a Periscope video posted by an attendee of this week’s unveiling in New York City, a simple selfie photo on a separate device was able to fool Samsung’s face recognition security feature and the phone was unlocked.
Frankly, this is disheartening, considering the same technique was used to bypass Google’s implementation more than five years ago. To help bolster the security measure, Google added a liveness check, which required users to blink during the process. This meant that a still photo would not work. As of today, this security option is no longer present on Google devices.
It should be noted that Samsung seems to know Face Unlock may not be the best option for fans of security. As Ars Technica details, it’s the only biometric option that won’t authorize Samsung Pay purchases. That’s a good thing, since you wouldn’t want a selfie of you charging money to your credit card. No one would believe a story like that.
As we’ve always suggested, a simple PIN or password can be quite secure, or you can use the iris scanner and fingerprint. There are plenty of other options available on the Galaxy S8.
To see a selfie fool the Galaxy S8, follow the Marcianophone link below, then skip to the 6:30 mark and watch it get performed repeatedly.