Google and Samsung plan biometric software updates to address security issues

Google is planning a software update to the 3D facial recognition feature of the company’s new flagship Pixel 4 smartphone to give users the option to require the biometric scan to detect open eyes before unlocking, according to The Verge. While this patch would address the security vulnerability of people having their phones unlocked with face scans while they are asleep, Pixel 4 owners have been advised by Google to use the ‘lockdown’ option to require an additional factor like a password or geometric pattern.

The Pixel 4 does sense ‘screen attention’ to keep the screen from turning off while in use.

In a statement, Google said the software update will be available “in the coming months,” but also defended the biometric security of the Pixel 4.

“Pixel 4 face unlock meets the security requirements as a strong biometric, and can be used for payments and app authentication, including banking apps,” according to the statement. “It is resilient against invalid unlock attempts via other means, like with masks.”

The Pixel 4 is not the only Android device to unlock with facial recognition performed on a person with closed eyes. Samsung devices also have this security issue.

Samsung biometric updates coming

The facial recognition feature in Galaxy devices is also receiving un upgrade for devices running Android 10 and One UI 2.0, SamMobile reports. One new option is to ‘require open eyes’ for facial recognition, and the other is to enroll a second look, such as with facial hair or wearing a hat.

The ‘open eyes’ feature does not currently seem to work with the ‘faster recognition’ setting, so SamMobile speculates that it may not survive to the final version of Android 10.

Users of the Samsung Galaxy S10 and Note 10 are also being warned by the company not to use the gel covers which were recently revealed to cause failures by the in-display biometric fingerprint scanner at all until the device has been updated, Forbes reports. They are also being asked to re-enroll their fingerprints.

“Once updated, scan your fingerprint in its entirety, so that all portions of your fingerprint, including the center and corners have been fully scanned,” Samsung advises.

Samsung says a patch will be ready sometime this week, and also that the issue is caused by the sensor recognizing the biometric patterns of the enrolled user’s fingerprint from the protector, not simply from accepting a failure to acquire data as a match, as some in the industry have speculated.

““This issue involved ultrasonic fingerprint sensors unlocking devices after recognizing 3-dimensional patterns appearing on certain silicone screen protecting cases as users’ fingerprints,” according to the company. This means if the template on the device is not replaced, a discarded protector could be reapplied to the device and used to unlock it.

Article Topics

access management  |  biometrics  |  facial recognition  |  fingerprint authentication  |  Google  |  Samsung  |  security  |  smartphones  |  ultrasonic fingerprints