Anyone can unlock a Samsung Galaxy S10 flagship using the owner’s picture
March 12, 2019
The Face recognition feature in Samsung's Galaxy S10 flagship phone is so insecure that anyone can unlock the phone using a picture or a YouTube video of its owner.
Users of Samsung's Galaxy S10 flagship phone should avoid using the flagship's "Face Unlock" feature as the lack of accuracy in its technology ensures that anyone can unlock it using a picture or a video that closely resembles the face of its owner.
Recently, a large number of phone reviewers, as well as Galaxy S10 users, demonstrated on Twitter and other social media platforms how easy it is for a third person to unlock someone's Galaxy S10 using a picture or a video or even the face of a sibling.
Naturally, such a lack of accuracy in a phone that offers enhanced security to its users is a matter of grave concern. Compared to how easily the Face Unlock feature can be fooled, the Face ID feature in the £999 iPhone X uses the TrueDepth camera system's infrared camera along with proximity and light sensors to detect and map out the face of an iPhone X user.
The Face ID system also utilizes specialised hardware and a flood illuminator to create 30,000 invisible dots which can go a long way in mapping a user's unique facial features. As Apple says, unless you have an evil twin, you have no reason to worry.
While testing Face ID, Apple made sure the facial recognition feature, unlike its predecessors from other tech giants, didn't fall for well-lit photographs or other faces that had similar features. The company even tested the software against face masks that mimicked the unique features of a human face.
Samsung does admit that face recognition isn't worth it
"Vendors and manufacturers have a responsibility towards private individuals who purchase their products. People who aren’t necessarily as versed in the technical details of the features their device offers may unknowingly leave their phones exposed to hacks by choosing forms of authentications they don’t know to be flawed," says Cary Gibbs, regional director of EMEA channels at Tripwire.
"It is important that Samsung informs customers of the risks they may incur if they opt for face recognition as their main authentication method, and that Samsung advises consumers to opt for a more secure one," he adds.
Fortunately, Samsung chose to do just that when it launched the Galaxy S10 flagship. When users try to activate the Face Recognition feature in the phone, Samsung informs them that the feature is just a convenient way for users to unlock the phone and to verify themselves in apps.
To those saying this is a flaw and needs to be fixed, it isn't, and won't. Samsung doesn't have a depth sensor/dot projector to 3D map your face, and you're warned of this very thing when setting up facial recognition.
"Face Recognition is less secure than other lock types because there is a possibility that someone who looks like you or who uses an image of your face could unlock your phone.
"Keep in mind that Face recognition might not recognise you if there are major changes to your appearance, such as heavy makeup, facial hair changes, or glasses. If you usually wear glasses, you might want to keep them on while you set up Face recognition," Samsung's disclaimer reads.
According to SlashGear, the kind of hardware required to map users' faces with precise accuracy could not fit in the Infinity-O hole-in display in the Galaxy S10, as the company chose to incorporate as much display in the phone's face as it possibly could. This forced the company to incorporate a dumbed-down face recognition feature in the Galaxy S10, one the phone could certainly do without.
Now that the feature is available in the flagship device, users of the Galaxy S10 must use the fingerprint sensor to unlock their phones rather than the face recognition feature, which Samsung itself admits is not secure in the least.
Jay Jay is a freelance technology writer for teiss. He has previously written news articles, device reviews and features for Mobile Choice UK website and magazine, as well as writing extensively for SC Magazine UK, Tech Radar, Indian Express, and Android Headlines.