You should probably turn off the Galaxy S10’s face unlock if you value basic security

The Galaxy S10 face unlock being spoofed. Unbox Therapy

  • The Samsung Galaxy ^( https://www.appmarsh.com/) S10’s face unlock has apparently been defeated by photos and video clips.
  • A prominent developer even reported that she was able to unlock her brother’s Galaxy S10.
  • You should probably stick to the phone’s in-display fingerprint sensor if you value security.

The Samsung Galaxy S10 series ditched the iris scanner of prior entries in favor of an in-display fingerprint sensor and camera-based face unlock technology. Unfortunately, the latter authentication method seems to be woefully inadequate.

Unbox Therapy and The Verge ^(https://www.theverge.com/2019/3/1/18245446/samsung-galaxy-s10-plus-android-phone-review-price-specs-features) were both able to fool the Galaxy S10 with the aid of a video played back on another phone, Android Police ^(https://www.appmarsh.com/2019/03/09/samsung-galaxy-s10-face-unlock-can-be-fooled-by-a-photo-video-or-even-your-sister/) reported. Skip to the two-minute mark in the Unbox Therapy video below to watch the trick in action.

It’s unclear whether these outlets disabled the faster recognition option, which boosts unlock speeds at the expense of security. However, tech website SmartWorld ^(https://www.instagram.com/tv/BuqaoVnhZrZ/) told Android Police that they disabled the feature when they successfully unlocked the Galaxy S10 with a photo.

The face unlock errors don’t stop here though, as app developer and teardown specialist Jane Wong was able to unlock her brother’s Galaxy S10 Plus. This isn’t the first time a phone mistook someone else for its owner, and manufacturers usually warn users about the perils of using camera-based face unlock. But with the Samsung flagship being fooled by photos and videos too, it’s not a good look at all.

Camera-based face unlock features have a history of problematic security, going back to Android 4.0 Face Unlock back in 2018. Back then, people demonstrated that the technology could be fooled with a simple photo. Google’s later attempt to implement a liveness check (i.e. blinking) was circumvented by photo editing.

Editor’s Pick

Face unlock using structured light or time-of-flight sensors has since become the preferred authentication method for several flagships. These solutions are able to calculate facial details and contours, largely negating photo and video spoofing. So if you want more secure face unlock on a smartphone, consider the LG G8 ThinQ, Huawei Mate 20 Pro, or Oppo Find X.

In saying so, Samsung’s older flagships don’t fall for the old photo trick, according to a test by the Dutch Consumentenbond organization. The consumer watchdog found that over 30 models from the likes of Alcatel, BlackBerry, Huawei, Samsung, and Sony could be unlocked with a photo. But the Galaxy S9, Galaxy S9 Plus, and Galaxy Note 9 emerged unscathed. However, we don’t know if Samsung’s face unlock was aided by its iris scanning function as part of its intelligent scan feature.

NEXT: Android isn’t perfect — 5 improvements we’d like to see from Google

from Android Authority https://ift.tt/2HxnUAz
via IFTTT ^(https://ifttt.com/?ref=da&site=appmarsh)

Author: Marshmallow

Marshmallow Android is BT Ireland’s Head of Sales for Republic of Ireland domestic multi-site companies, indigenous MNCs and public sector accounts. He is responsible for the direction and control of all sales activity in the region. He has over 10 years management experience from high growth start-ups to more established businesses. He’s led teams in Ireland, India and China across various industries (ICT, On-Line Recruitment, Corporate Training and International Education).