Web video, photos, or siblings can spoof Samsung Galaxy S10 facial recognition
The facial recognition capabilities of Android smartphones are being criticized as insufficiently secure, after a parade of tech commentators, journalists, and reviewers spoofed the biometric system of Samsung Galaxy S10 and S10+ devices to unlock them with YouTube videos and static images on other devices, and the face of a non-twin sibling, Android Police reports.
The new Samsung flagship smartphones serve users with a warning when they enroll a face that device unlocking with facial recognition is offered as a convenience feature, and is not as secure as other biometric methods, as images or people who look similar could unlock it. The devices also offer a faster unlocking setting, which is enabled by default, and further increases the technology’s FAR.
Lewis Hilsenteger of Unbox Therapy repeatedly unlocked his S10 with videos of himself from YouTube, played on a friend’s device the screen of which had not been wiped free of fingerprints.
Hilsenteger recommends using the in-display ultrasonic fingerprint sensor instead, though he is not impressed by that biometric feature’s performance, either.
“It’s not on the level of confidence that you have, say for example with a capacitive fingerprint scanner on the back of a device,” he says.
A reviewer with SmartWorld, an Italian tech publication, used a photo of himself to unlock his Galaxy S10 despite not having faster unlocking activated, and tech researcher Jane Wong unlocked her brother’s Galaxy S10 with her own face.
Testing has consistently indicated that Android facial recognition is not as secure as Face ID, though a code commit seems to indicate a future version of Android will natively support 3D facial recognition.