Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samsung Galaxy S3 Face Unlock Tricked By Photograph

Posted by samzenpus on from the a-picture-is-worth-a-thousand-passwords dept.

AlistairCharlton writes with a story about an Android Face unlock security system that could use some tweaking. "Android's Face Unlock security on the Samsung Galaxy S3 can be tricked into unlocking the phone by showing it a photograph of the owner. In a test carried out by IBTimes UK, we found that the Galaxy S3 cannot distinguish between a photograph and a real person, leading us to suggest users should select a more secure way of locking the phone, such as with a PIN or password."

174 comments

  1. Can you see it? by alexbgreat · · Score: 5, Funny

    This is my shocked face...

    1. Re:Can you see it? by icebike · · Score: 2

      Obligatory:
      http://www.youtube.com/watch?v=HqVBKO_QM3o

      --
      Sig Battery depleted. Reverting to safe mode.
  2. Not Intended to be Industrial Grade by nahdude812 · · Score: 5, Insightful

    Face unlock is not intended to be industrial grade security. By its nature it has to be tolerant to unlocks (it would suck if you couldn't unlock your phone after a haircut or beard trim, for example). It's intended to prevent casual perusal by someone who finds the phone sitting around. They've added some little things like requiring some movement in the face (eg, blinking), so it's mildly surprising that a static photo can trick it. But it's not especially worrying either - again, it's meant to be one step above slide to unlock.

    It's almost like stating that the standard "slide to unlock" is insecure because anyone can slide that button! The statement is true, but it misses the point.

    Also, a quote from Samsung taken directly FTFA:

    "Therefore, users with sensitive information on their phone are advised to use higher-protection security features, such as pattern, pin, or password unlock."

    --
    Slay a dragon... over lunch!
    1. Re:Not Intended to be Industrial Grade by Rhodri+Mawr · · Score: 2

      They've added some little things like requiring some movement in the face (eg, blinking), so it's mildly surprising that a static photo can trick it.

      Given that my son's camera consistently detected the Mona Lisa blinking, I'm not surprised at all.

    2. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      It's a stupid tech, and should not be used by anone who cares about the contents of their phone.

    3. Re:Not Intended to be Industrial Grade by Missing.Matter · · Score: 1, Flamebait

      From the quote, if something as simple as a pin password is "higher-protection" then let's just call this face unlock feature what it is: a pointless gimmick.

    4. Re:Not Intended to be Industrial Grade by errandum · · Score: 2

      it's not stupid at all, you don't have to slide your finger on the screen!

      With a 4.8 screen, imagine how much work you'd have to put into that every single day... It's a godsend, I tell you, a godsend!

    5. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      All biometric security is pretty easy to bypass. Iris scanners are as easily fooled as face detection, except it's more difficult to get a high resolution image of a person's irises.

      Hand and fingerprint scanners can be fooled with the old "gummy finger" trick. This consists of dusting prints and lifting them with cellophane tape, then etching it to a photosensitive PCB and using that to mold gummy prints. If the scanner also checks for capacitance and moisture, you can simply lick the gummy print before using it on the scanner. Afterwards, you eat the prints to eliminate the evidence.

      Passwords/passcodes and physical keys are still the best for security.

    6. Re:Not Intended to be Industrial Grade by errandum · · Score: 1

      The phone will lock for 30s after 3 failed attempts or so, so you'd still have a hard time with a pin.

      But any android phone has offered the option for a password for the last year, so the whole thing is moot. Want security, pick a strong passsword.

    7. Re:Not Intended to be Industrial Grade by localman57 · · Score: 4, Insightful

      It's not necessarily pointless, depending on who your attacker is. Against a sufficiently advanced and determined attacker, nearly all security attempts are pointless, because all can be broken, even if a rubber hose must be used. If your goal is to simply prevent someone from casually picking up your phone and browsing through your inbox, it might be worthwhile. Additionally, if the "gimmick" aspect leads some people to use it who would not otherwise use a PIN (which is very un-gimmicky), there may be some value in it.

      Finally, I see this as potentially very useful as a two-factor authentication for cases where the person who has the phone doesn't know to whom it belongs. e.g. they found it in a bar. If brute-forcing the face recognition is somewhat difficult, it could be added to a pin code for extra security. All of this assumes that there isn't an easily exploited backdoor or weakness via USB or other interface.

    8. Re:Not Intended to be Industrial Grade by KhabaLox · · Score: 5, Funny

      Want security, pick a strong passsword.

      Exactly. That's why I use a picture of Rainer Wolfcastle for my Galaxy.

      --
      Ceci n'est pas un sig.
    9. Re:Not Intended to be Industrial Grade by mcgrew · · Score: 1

      It's not security at all, it's convenience. I stopped buying those old "candy bar" phones because you either had to unlock it with a key combination before you could answer it, or risk butt-dialing 911 while you're buying weed. But now the flip phones I like are going out of style, everybody and his dog wants a phone that won't fold and won't fit in a pocket. For an Android/iPhone this would be great... if I could find one I could comfortably fit in my pocket.

      With a flip phone, pull it out and open it (quick thumb motion) and say "hello?" With a modern iPhone/Android you have to fiddle with it to unlock it. This just removes the "fiddling with it" part, like the flip phone's cover did; pull it out and answer.

      --
      Free Martian Whores!
    10. Re:Not Intended to be Industrial Grade by noh8rz3 · · Score: 0, Funny

      Another way that samsungs are inferior to iPhones. Apple products don't offer that feature. Pin or slide to unlock only. I'm mwaiting for Siri unlock capability. My voice is my passport. Verify!

    11. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      Unfortunately that is not possible. You have to pick ONE unlock method so no two factor unlocking for you. Not sure if that is an Android limitation or if Samsung made it that way because it would be "too confusing" if they allowed two factor unlocking.

    12. Re:Not Intended to be Industrial Grade by icebike · · Score: 4, Informative

      Face unlock is not intended to be industrial grade security. By its nature it has to be tolerant to unlocks (it would suck if you couldn't unlock your phone after a haircut or beard trim, for example). It's intended to prevent casual perusal by someone who finds the phone sitting around. They've added some little things like requiring some movement in the face (eg, blinking), so it's mildly surprising that a static photo can trick it. But it's not especially worrying either - again, it's meant to be one step above slide to unlock.

      It's almost like stating that the standard "slide to unlock" is insecure because anyone can slide that button! The statement is true, but it misses the point.

      Also, a quote from Samsung taken directly FTFA:

      "Therefore, users with sensitive information on their phone are advised to use higher-protection security features, such as pattern, pin, or password unlock."

      Further this is a standard feature of ICS, and nothing to do with Samsung. Its on all the HTC phones that ship with a front facing camera and ICS installed.
      Want to blame someone, blame Google for adding this silly feature to Android.

      --
      Sig Battery depleted. Reverting to safe mode.
    13. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      The problem is that whatever locking mechanism that is in use is the only thing protecting the phone from the bad guys. Home PCs are not on the road with someone, so their defense against attacks due to physical security can be extremely low in most cases and the risk be acceptable to most. A phone is a lot more vulnerable to that.

      So, the local authentication has to be of decent strength to protect what the person has on the phone. It might be their private documents. It might be their contact list. It might be just the fact that bandwidth is so expensive that someone might just use the device tethering until the telco drops it from the network. Reading someone's phone and sending clever E-mails out as that person can not just result in some screwed up relationships, but can net someone a nice windfall if they do the "OMG, I need $500 cash, I'm stuck here" gambit. A sophisticated thief using the device in a busy area (or shutting down the GSM/CDMA radio and using a Wi-fi network to slow down people trying to find the device) could in theory do a lot of damage to a victim.

      People need to be assured that if they turn on some security, be it the connect the dots, fingerprint scanner, face recognition, or PIN/password, that it has been fairly tested and is secure against most things. There is no 100%, but it should be pretty robust.

      Take a simple PIN for instance. Pair it up with the setting to erase the device after ten fails. Then an attacker gets the device and looks for fingerprints. One smudge on the device -- trivial. Two smudges and a four digit PIN can mean a 10 in 16 chance of getting the result. Three smudges, a 10 in 27, and four smudges, a 10 in 256 chance.

      If someone uses a longer PIN, it becomes harder to guess things.

      Compare that do the connect-the-dots, where one can figure out with smudges of where the code begins and ends, then easily redraw it for access.

      So far, on Android, the only other strong access mechanism I've seen was the fingerprint scanner on the Atrix 4G (not on the Atrix 2.) Maybe the gummi bear fingerprint trick might work, but I'd guess that is long since been addressed.

      With all that is at risk if a phone is stolen, a phone should either have alternate unlock methods that are as strong as a PIN or password, or just don't offer them. The illusion of security when in reality, there isn't any can be really damaging.

    14. Re:Not Intended to be Industrial Grade by Marillion · · Score: 1

      Exactly, that's true of any "fuzzy" system. Fuzzy includes fingerprint readers, retina scanners, voice prints. You name it, it has to allow for a a degree of fuzziness. They make for great Hollywood visuals, but nothing else.

      --
      This is a boring sig
    15. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      Great idea! ( as I stand in the shadows and hit record as you unlock your phone...) Great Idea indeed!

    16. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      In fact, when you enable face unlock, you get a fucking warning telling you it's not secure!

      So, to summarise - the only way an Android user would think that face unlock is secure is if they ignored every single screen when enabling it and then rammed their head into a wall so that they had no living brain cells.

    17. Re:Not Intended to be Industrial Grade by Captain+Hook · · Score: 1

      WHOOSH

      Failure to detect geek movie reference

      --
      These comments are my personal opinions and do not necessarily reflect the opinions of the other voices in my head.
    18. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      Hi, my name is Werner Brandes.

    19. Re:Not Intended to be Industrial Grade by liquidsin · · Score: 5, Funny

      just use a picture of your balls; in theory it should be easier to keep would-be hackers from getting a picture of your balls, and it's only slightly awkward to shove your hand down the front of your pants every time you'd like to use your phone.

      --
      do not read this line twice.
    20. Re:Not Intended to be Industrial Grade by crakbone · · Score: 4, Interesting

      Actually I see this as preventing the casual phone check by a police officer. It becomes a locked container and they then legally have to go to more extremes to open it. In some cases a warrant.

    21. Re:Not Intended to be Industrial Grade by dev.null.matt · · Score: 1

      Take a simple PIN for instance. Pair it up with the setting to erase the device after ten fails. Then an attacker gets the device and looks for fingerprints. One smudge on the device -- trivial. Two smudges and a four digit PIN can mean a 10 in 16 chance of getting the result. Three smudges, a 10 in 27, and four smudges, a 10 in 256 chance.

      If someone uses a longer PIN, it becomes harder to guess things.

      Man, I wish my college room-mate had a phone like this. Ten steps to deleting everything on his phone would have been hilarious to me.

    22. Re:Not Intended to be Industrial Grade by Splab · · Score: 1

      I keep my phone in front left pocket, so not that far away, but crotch dialing would be an issue :)

    23. Re:Not Intended to be Industrial Grade by Jarik+C-Bol · · Score: 1

      Sir, I hereby award you the internet for the day, as you have made me laugh heartily at your witty commentary. Someone mod this person +1 funny.

      --
      I've decided to Diversify my Holdings. I've divided my cash between my left and right pockets, instead of all in one.
    24. Re:Not Intended to be Industrial Grade by girlintraining · · Score: 2

      "Therefore, users with sensitive information on their phone are advised to use higher-protection security features, such as pattern, pin, or password unlock."

      Yeah, because it's terribly difficult to see the finger smear left on the display after the unlock code is entered.... o_o Hmm, it looks like a backwards Z! Actually, in studies of it, they've discovered people tend to make geometric shapes or reversed alphabet characters as their unlock code... There's a fairly good chance that if you try the top 20, you'll unlock the phone. So there's that too...

      --
      #fuckbeta #iamslashdot #dicemustdie
    25. Re:Not Intended to be Industrial Grade by CCarrot · · Score: 1

      just use a picture of your balls; in theory it should be easier to keep would-be hackers from getting a picture of your balls, and it's only slightly awkward to shove your hand down the front of your pants every time you'd like to use your phone.

      Intriguing thought. However, since I don't believe it uses any flash or other mode of subject lighting, you'd actually have to haul your balls out into the daylight instead, or use some sort of in-place ball lighting apparatus, which could get...interesting...in public places.

      A bit less convenient But I suppose you'd have a nicely tanned sack! :P

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
    26. Re:Not Intended to be Industrial Grade by CCarrot · · Score: 5, Funny

      Actually I see this as preventing the casual phone check by a police officer. It becomes a locked container and they then legally have to go to more extremes to open it. In some cases a warrant.

      Or they just hold it up 'Is this your phone, sir? Oh look, it's unlocked...'

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
    27. Re:Not Intended to be Industrial Grade by kqs · · Score: 2

      Take a simple PIN for instance. Pair it up with the setting to erase the device after ten fails. Then an attacker gets the device and looks for fingerprints. One smudge on the device -- trivial. Two smudges and a four digit PIN can mean a 10 in 16 chance of getting the result. Three smudges, a 10 in 27, and four smudges, a 10 in 256 chance.

      If someone uses a longer PIN, it becomes harder to guess things.

      How do you get 256? 4 smudges means a 10 in 24 chance (4*3*2). Three or two smudges are even easier though I don't recall how to calculate the odds.

      Compare to face unlock which protects a lost cell phone pretty well, but gives little protection against your friends. I know which attacker I care about more.

    28. Re:Not Intended to be Industrial Grade by Barlo_Mung_42 · · Score: 1

      Good point. Plus it probably doesn't work if your eyes are all red and swollen from pepper spray.

    29. Re:Not Intended to be Industrial Grade by atisss · · Score: 1

      Passwords are one of the worst for security, as they don't change, so seeing/stealing your password once grants you access.

      Implanted RSA chip with physical button for authentication is best.

    30. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      Bah, I meant permutations, not combinations.

      1! = 1.
      2! = 2
      3! = 6
      4! = 24

      etc.

      Yes, passwords and PINs are not perfect. Something nice would be a fingerprint scanner that isn't fool-able by a gummy bear or other stuff. However, it does suck less than facial recognition or connect the dots.

      Facial recognition would be more useful if there were a way to have the camera check for IR signatures or some way of telling a real face from a photo, even if it might be a brief flash of IR light from the camera lens, or looking for a heat signature from the person's face as an addition to the other facial details. Faking someone's heat signatures can be done, but would a hell of a lot harder than showing a facebook picture to the camera.

    31. Re:Not Intended to be Industrial Grade by Kittenman · · Score: 1

      just use a picture of your balls; in theory it should be easier to keep would-be hackers from getting a picture of your balls, and it's only slightly awkward to shove your hand down the front of your pants every time you'd like to use your phone.

      Intriguing thought. However, since I don't believe it uses any flash or other mode of subject lighting, you'd actually have to haul your balls out into the daylight instead ...

      I think if you do this, other people get the flash, rather than you.

      --
      "The greatest lesson in life is to know that even fools are right sometimes" - Winston Churchill
    32. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      shove your hand down the front of your pants every time you'd like to use your phone.

      Or the back, if you're an Apple aficionado.

    33. Re:Not Intended to be Industrial Grade by the+grace+of+R'hllor · · Score: 1

      For two years my only security on my iPhone was 'slide to unlock' (ie none) and keeping it on my person except at trusted locations. Worked fine. It's like writing things down in a notebook. You don't tie a stronger string around it, you keep track of where it's at.

      Beyond that, it's convenience.

      Ten steps to wiping the phone? Talk about opening yourself up for a DoS attack.

    34. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 1

      just use a picture of your balls...

      or vagina.

    35. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      this is slashdot...

    36. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      It even says that on the screen when you turn on Face Unlock, how is this a story?

    37. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      So why did Google think it would be an awesome "security feature" to add to the phone?

      Why spend time, engineering effort, and processor power creating a "security feature" that is not "secure," and which only the most willfully ignorant person on earth would enable and use as 'security' for their phone?

      Is this *seriously* the only thing that Android is lacking now? "Hey guys, this mobile operating system is absolutely, 100% feature complete, except for a useless gimmick-cum-security-feature. Let's spend dev time during our ICS development cycle whipping that up so we've covered everything." Seems to me the dev time could've been better spent on *actual* security or *actual* features, but instead some dumbass engineer or manager decided that this was a better way to waste someone's time.

    38. Re:Not Intended to be Industrial Grade by gregski · · Score: 1

      I prefer to use a picture of Emily Blunt, that way if she ever takes my phone at least I have her number!

      --
      I have never let my schooling interfere with my education. - Mark Twain
    39. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 1

      Given that my son's camera consistently detected the Mona Lisa blinking, I'm not surprised at all.

      And it's just spooky eerie how her eyes follow you around the room.

    40. Re:Not Intended to be Industrial Grade by enrgeeman · · Score: 1

      Movie? I thought it was from the game Uplink.

      --
      sent from my slashdot browser.
    41. Re:Not Intended to be Industrial Grade by complete+loony · · Score: 1

      Forcing the user to turn their face around a bit so you can check their features against a 3d model might work. But would be more difficult to implement, and probably more error prone.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    42. Re:Not Intended to be Industrial Grade by viperidaenz · · Score: 1

      and covered in blood from the boot in the face received after successfully being subdued by the pepper spray

    43. Re:Not Intended to be Industrial Grade by viperidaenz · · Score: 2

      I have two reasons for enabling "slide to unlock" on my phone. 1: to stop pocket dialing. 2: to stop my son from dialing 111 if he gets my phone. He's two now and has figured out how to unlock already, dial numbers and start angry birds. It would take him another few years to figure out he has to point the phone at me or a photo of me.

    44. Re:Not Intended to be Industrial Grade by hedley · · Score: 1

      A buddy was out with a lady friend, not his gf, and the unlocked candy bar butt dialed his gf. Awkward for him since she tuned into the conv.

      cue the Dr Hibbert laugh on that one :)

      H.

    45. Re:Not Intended to be Industrial Grade by YttriumOxide · · Score: 2

      I have two reasons for enabling "slide to unlock" on my phone. 1: to stop pocket dialing. 2: to stop my son from dialing 111 if he gets my phone. He's two now and has figured out how to unlock already, dial numbers and start angry birds. It would take him another few years to figure out he has to point the phone at me or a photo of me.

      My 14 month old daughter can now "slide to unlock" my wife's phone, bring up the address book and press the picture of her dad. She calls me at work at least twice a week. She's a little behind in the speaking department though, so no matter how much I try to get her to say something, she'll remain silent or offer a non-specific squeak/grunt at best (no cause for concern yet, but we're hoping her language skills pick up soon).

      So yes, I completely agree that the face recognition would be useful here - my wife's phone contains very little in the way of sensitive data; is never left anywhere when she goes out; and we live in a very low-crime city/country... security is therefore basically irrelevant, we just need a way to stop our daughter racking up pointless phone bills! (although I'll happily get her her own gizmos and toys since she clearly loves anything with buttons and/or screens)

      --
      My book about LSD and Self-Discovery
      Also on facebook as: DroppingAcidDaleBewan
    46. Re:Not Intended to be Industrial Grade by GNUALMAFUERTE · · Score: 1

      And it says so right when you go to configure it.

      (I don't own an S3, but a Galaxy S i9003 running community-made ICS - CyanogenMod9)

      From the face unlock configure screen (when you try to enable it):
      "- Face unlock is less secure than a pattern, PIN or password
      - Someone who looks similar to you could unlock your phone."

      Most fingerprint readers, even those sold to open your fucking door, can be tricked with a black-and-white picture of the right fingerprint, who is surprised that a novelty feature still in beta, which is part of a Free OS for consumer mobile devices, as implemented by third party companies using a cheap VGA front camera, and configured quickly by an inexperienced user in poor lighting condition isn't vault-grade security? Specially when it says so right in the box.

      --
      WTF am I doing replying to an AC at 5 A.M on a Friday night?
    47. Re:Not Intended to be Industrial Grade by hajus · · Score: 1

      Wait.. what? Passwords don't change but implanted chips do?

    48. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      There is no vagina, there is only balls.

      ...not to mention the need for a waterproof case.

    49. Re:Not Intended to be Industrial Grade by Compaqt · · Score: 1

      > how much work you'd have to put into that every single day.

      Well, no, actually I don't.

      I know the size of your screen.

      I just need to know how fat your fingers are so I can calculate F and W.

      --
      I'm not a lawyer, but I play one on the Internet. Blog
    50. Re:Not Intended to be Industrial Grade by SpaghettiPattern · · Score: 1

      just use a picture of your balls; in theory it should be easier to keep would-be hackers from getting a picture of your balls, and it's only slightly awkward to shove your hand down the front of your pants every time you'd like to use your phone.

      Like the idea! Like the idea!

      I see however a problem in that the phone surely needs a face to recognize. I therefore would suggest to mimic the famous 70-s hippy image of a phallus with sunglasses and cigarette. We should form a company whereby we complement each other!

      --

      I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
    51. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      Yes, chip would sign your login each time, so no authentication is the same as previous.

      Unless sombeody cuts you up and extracts key from the chip there is no way to authenticate as you

    52. Re:Not Intended to be Industrial Grade by michelcolman · · Score: 1

      I know a guy this happened to in a bar, but he actually turned down the girl that was hitting on him. Worked wonders for his relationship.

    53. Re:Not Intended to be Industrial Grade by nahdude812 · · Score: 1

      no cause for concern yet, but we're hoping her language skills pick up soon

      You're more than right; at this age an occasional and almost accidental "dada" or "mama" is appropriate. It's pretty intriguing that she is able to operate the phone well enough to unlock it and call you. My son is 13 months old, and I go out of my way to make sure he doesn't have access to my phone since at this age, they tend to explore the world with their mouth (not surprising, the tongue is the highest nerve density in your body, you can feel detail with it that you can't with any other part of your body, and you get the added bonus of taste).

      --
      Slay a dragon... over lunch!
    54. Re:Not Intended to be Industrial Grade by FlopEJoe · · Score: 1

      You'd be surprised at how many pictures of my balls there are out there.

    55. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      I use my Chucky dall. It can actually blink.

    56. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      but how unique balls are?

    57. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      OK. that's funny.

    58. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      No, euniques don't have balls by definition.

    59. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      Yes, you're totally right, but unlike Apple's marketing department, Samsung does not think about how "features" end up in the media. This, of course, shows that Samsung sucks, and therefore the whole phone, including this feature sucks too.

    60. Re:Not Intended to be Industrial Grade by quacking+duck · · Score: 1

      With a flip phone, pull it out and open it (quick thumb motion) and say "hello?" With a modern iPhone/Android you have to fiddle with it to unlock it. This just removes the "fiddling with it" part, like the flip phone's cover did; pull it out and answer.

      Answering an iPhone is also just a quick thumb motion. Passcode is only needed to dial out (except if emergency call button is pressed) or access apps. I imagine Android is similar.

      And though placing your thumb on the right spot on the touchscreen might add a fraction of a second over flipping a physical cover, in normal use many people check who's calling first (call display assumed), so they'd need to look at the screen anyway unless the caller has been set to a custom ringtone (which are limited to a small number of contacts, and don't help when silenced or for the number is unknown).

    61. Re:Not Intended to be Industrial Grade by quacking+duck · · Score: 1

      I've long suspected swipe-passcodes are theoretically less secure than 4-number PIN, if for no other reason than the swipe leaves a single trail (only 2 possible paths based on finger smudge), whereas buttons you have thousands of possible numbers. Assuming the 4 numbers are all different of course.

      Seems the math backs this up.

      Of course this all assumes the user started with a clean screen, entered the passcode/pattern, then immediately locked it and gave it to someone to guess. In real life other interaction will probably have obscured the code/pattern somewhat.

    62. Re:Not Intended to be Industrial Grade by cyberchondriac · · Score: 1

      Most people use their phone after unlocking it though, which adds more smears to the screen, obliterating the pattern . Depending. If they only unlock to see if they have messages or emails though, and there are none, and they lock it again, then yeah, it's a dead giveaway.

      --

      Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
    63. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      Android says that it's a low security option right under the button to enable it. The only thing silly is that somebody wrote an article about this.

    64. Re:Not Intended to be Industrial Grade by highphilosopher · · Score: 1

      Harder to get a would be.... To get...
      If we want your phone, we'll get the pics necessary :)

    65. Re:Not Intended to be Industrial Grade by Anonymous Coward · · Score: 0

      Yet anhttp://it.slashdot.org/story/12/06/18/184217/samsung-galaxy-s3-face-unlock-tricked-by-photograph#other reason to wear a kilt!

    66. Re:Not Intended to be Industrial Grade by viperidaenz · · Score: 1

      That's one reason I got a Motorola Defy, its apparently IP67 rated.

    67. Re:Not Intended to be Industrial Grade by RockDoctor · · Score: 1

      Shock! Horror! Users don't RTFM. Sky Falls.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  3. 2011 called by SmurfButcher+Bob · · Score: 3, Insightful

    ...duh? really?

    --

    help me i've cloned myself and can't remember which one I am

    1. Re:2011 called by Nerdfest · · Score: 1

      Really. The really interesting part is that the face unlock feature has been around since the Galaxy S2.

  4. Feature... by N0Man74 · · Score: 5, Funny

    This is a "feature", not a "bug". In fact, it's a "safety feature".

    Now there is no need for someone to kill you, skin your face off, and make a mask out of it to break into your phone (like in the movies). They can just take a photo of you from a telephoto lens. Sign me up!

    1. Re:Feature... by DarthVain · · Score: 1

      Yes if movies taught me anything, biometric security will only cause evildoers to cut off your hand, thumb, eyeball to defeat the security. Sometimes when you're alive, sometimes not.

      I mean if it is something I remember, at least they have to keep me alive! Of course if you don't tell they might take your daughters nose job away...

    2. Re:Feature... by bughunter · · Score: 3, Insightful

      This is a "feature", not a "bug".

      Obviously. With all of the face-eating zombies in the news lately, Samsung thoughtfully permits you to unlock your phone with a backup of your face.

      --
      I can see the fnords!
    3. Re:Feature... by Anonymous Coward · · Score: 0

      I'm sure your daughter can live without her nose - didn't do Tycho Brahe any harm. That's gotta be way preferred to having your hand, thumb or eyeball removed!

    4. Re:Feature... by 93+Escort+Wagon · · Score: 2

      Now there is no need for someone to kill you, skin your face off, and make a mask out of it to break into your phone (like in the movies).

      But we can still do it for fun, right?

      --
      #DeleteChrome
  5. What if the owner is really ugly? by acidradio · · Score: 1

    One concern is if the owner is really hideous looking. There is the risk that it could shatter the camera lens and then the phone would NEVER unlock!

    1. Re:What if the owner is really ugly? by Anonymous Coward · · Score: 0

      Are you speaking from personal experience?

    2. Re:What if the owner is really ugly? by Anonymous Coward · · Score: 0

      You watch too many cartoons.

  6. even more dangerous... by Anonymous Coward · · Score: 5, Funny

    It would be even more dangerous if someone compiled a whole book of face photographs... i dunno, maybe they could call it a "face book" or something like this.

    1. Re:even more dangerous... by KhabaLox · · Score: 1

      i dunno, maybe they could call it a "face book" or something like this.

      If they got enough photos they could call it The Face Book, since it would be definitive.

      --
      Ceci n'est pas un sig.
  7. 2D vs 3D by gameboyhippo · · Score: 1

    I agree that nobody should rely on this for security, but I think it would be more secure if it was a 3D camera instead of a 2D one. Then it could work more similarly to Kinect. But I suppose then that someone could take a picture of a person on their Nintendo 3DS and trick the phone that way. :)

    1. Re:2D vs 3D by Anonymous Coward · · Score: 1

      Sure, just throw a low quality 3d camera on for a simple unlock feature. I'm sure it's price will stay competitive. Really. No, seriously.

    2. Re:2D vs 3D by dgatwood · · Score: 0

      Use two cameras mounted at opposite sides of the device, then compare the two images looking for parallax. Finally, compute what the shift should be based on the distance from the camera to the person (computed by looking at the focus distance for the two cameras). If the shift isn't within a narrow margin of what it should be, reject the face.

      It might be possible to trick such a setup with a 3D display, but it would not be easy. First, you would have to have an image taken using cameras that are approximately the same distance apart. Second, you would have to know how far away the person was when the photo was taken. Third, such an attack could be readily foiled by the use of polarizing filters with the same orientation on both of the two cameras.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    3. Re:2D vs 3D by PerfectionLost · · Score: 1

      I'm sick enough of my kinect taking a couple minutes to figure out who I am.

    4. Re:2D vs 3D by Anonymous Coward · · Score: 0

      Couple of.
      You wouldn't say "a glass water" would you?

  8. Works fine for some of us. by MasterOfGoingFaster · · Score: 1

    I'm safe. My face cracks lenses.

    --
    Place nail here >+
  9. =/= news by Anonymous Coward · · Score: 0

    The same thing is possible on the Galaxy Nexus as was found out 8 months ago.

    Face unlock was never intended to be biometric level security.

  10. No easy way to do this by sideslash · · Score: 1

    They could have the user do something like shake their head to prove that it's a 3D shape. And then somebody could write a tablet app that takes a flat photo and wraps it around a 3D, animatable head model. This could pretty much be a never-ending war of escalating sophistication.

    As long as people know it's basically a toy and a way to keep honest people out, it will be OK.

    1. Re:No easy way to do this by CCarrot · · Score: 1

      They could have the user do something like shake their head to prove that it's a 3D shape.

      I like this. Better yet, have the user be able to define or record an unlock gesture to go with the face recognition, like a nod, head shake, tilt to the side, look to one side and back, hair flip, stick out their tongue, put their hand on their nose, tug one earlobe, etc, etc, etc. One half of the recognition is based on biometrics, the other half to be based on a unique and expected movement pattern. Both are required to gain access to your phone.

      (I just want to see one stock broker sticking his tongue out at his phone, saying "whay wunt yoo unlack, yoo gaudam thone!?!"...please? Pretty please??)

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
  11. Never fool-proof by ThunderBird89 · · Score: 1

    Unless they manage to squeeze in a high-resolution thermal imager too, to verify that the face is indeed living (and maybe map out the veins, but that would require a rather sensitive imager), no face-unlock will be 100% secure. Bit higher on the scale than a slider or a pattern unlock, but waaaay lower than a PIN/password lock.

    --
    Hyperbole: I use it liberally!
    1. Re:Never fool-proof by retchdog · · Score: 1

      what's the difference between a pattern unlock and a PIN?

      --
      "They were pure niggers." – Noam Chomsky
    2. Re:Never fool-proof by ThunderBird89 · · Score: 2

      You can crack a pattern lock by looking at the glass and noting the path the finger travels across the grid. For a PIN, you have 4-8 or more distinct points on the screen, with no indication of the order. That means you're looking at at least 24 (4!) different combinations, and most phone OS-es lock out after 3-5, for increasing periods. So it frustrates cracking attempts more than a pattern unlock.

      --
      Hyperbole: I use it liberally!
    3. Re:Never fool-proof by retchdog · · Score: 1

      fair enough, i didn't consider the finger-path problem.

      --
      "They were pure niggers." – Noam Chomsky
    4. Re:Never fool-proof by repvik · · Score: 1

      That is, if the pattern does not loop back on itself. Unfortunately, last time I checked, that was impossible on Android phones.

    5. Re:Never fool-proof by Anonymous Coward · · Score: 0

      Well, with a sufficiently shallow DoF, you could do 3D imaging by sweeping the focal plane, eliminating flat pictures, anyway. With camera phones, of course, you don't have sufficiently shallow DoF...

    6. Re:Never fool-proof by DMUTPeregrine · · Score: 1

      The pattern can loop over previously activated points, they just won't activate again.
      You can also, of course, use the phone after unlocking, which will tend to swipe over the pattern. Finally, the pattern can be deliberately wiped off by the user.

      --
      Not a sentence!
    7. Re:Never fool-proof by rkww · · Score: 1

      http://people.csail.mit.edu/mrub/vidmag/

    8. Re:Never fool-proof by Anonymous Coward · · Score: 0

      Also, the pattern is usually an M. ;)

  12. We've heard this with the Galaxy Nexus by mikecase · · Score: 2

    That said, this isn't meant to be industrial grade security. Compared to no security at all, this is a big step up. The likelihood that I loose my phone in the parking lot and someone who finds it has a picture of me to unlock the phone with seems extremely slim. More likely, this would be vulnerable to attack from people I know, but even then, it's better than nothing.

  13. Solution by mdarksbane · · Score: 4, Interesting

    Use someone *else's* face as your unlock.

    Like Teddy Roosevelt.

    And then put that picture as your login screen, so it'll log you in if you point at a mirror.

    It'll still be a problem if Zombie Teddy Roosevelt steals your phone, but how likely is that...

    1. Re:Solution by Anonymous Coward · · Score: 0

      Or Benjamin Franklin. Chances are whoever steals a phone doesn't have a c-note lying about.

    2. Re:Solution by Anonymous Coward · · Score: 0

      I use my wristwatch. It's always on my arm and if my phone gets stolen, good luck figuring that out, thief!

    3. Re:Solution by XiaoMing · · Score: 4, Insightful

      Use someone *else's* face as your unlock.

      Like Teddy Roosevelt.

      And then put that picture as your login screen, so it'll log you in if you point at a mirror.

      It'll still be a problem if Zombie Teddy Roosevelt steals your phone, but how likely is that...

      So you now have a cell-phone that's only useful near mirrors.

    4. Re:Solution by Anonymous Coward · · Score: 0

      Use someone *else's* face as your unlock.

      Like Teddy Roosevelt.

      And then put that picture as your login screen, so it'll log you in if you point at a mirror.

      It'll still be a problem if Zombie Teddy Roosevelt steals your phone, but how likely is that...

      So you now have a cell-phone that's only useful near mirrors.

      Just make sure you don't venture too far from Mt. Rushmore.

    5. Re:Solution by kanto · · Score: 1

      I'm reading these "ideas" and starting to think that /. should have a urin test for posters.

    6. Re:Solution by Anonymous Coward · · Score: 0

      Well, my phone has a pretty reflective screen. I use it as a mirror for cosmetic purposes, and, at the fast food places I work, I hold it above my head to see down into the pop machine's ice holder to see how full it is. Anyways, you don't really need a mirror, you just need another $300 phone.

    7. Re:Solution by jgeiger · · Score: 2

      Use someone *else's* face as your unlock.

      Like Teddy Roosevelt.

      And then put that picture as your login screen, so it'll log you in if you point at a mirror.

      It'll still be a problem if Zombie Teddy Roosevelt steals your phone, but how likely is that...

      So you now have a cell-phone that's only useful near mirrors.

      And completely useless if you're a vampire.

    8. Re:Solution by gman003 · · Score: 1

      Look, zombie or not, if Teddy Roosevelt wants your phone, HE WILL GET IT.

    9. Re:Solution by Jarik+C-Bol · · Score: 1

      and at the same time, I think that anyone doing anything new with any sort of technology needs to post their idea on /. to be told all the ways they are doing it wrong, thus getting valuable feedback on how to improve it. Because from what I've seen, /. is a panel of experts on how EVERYTHING is being done wrong.

      --
      I've decided to Diversify my Holdings. I've divided my cash between my left and right pockets, instead of all in one.
    10. Re:Solution by callmebill · · Score: 1

      ha! where are my mod points?

    11. Re:Solution by CubicleView · · Score: 1

      The silver surfer could probably unlock the phone as well.

    12. Re:Solution by gsslay · · Score: 1

      Like you don't have a picture of Teddy Roosevelt in your wallet?

    13. Re:Solution by ignavus · · Score: 1

      Use someone *else's* face as your unlock.

      Like Teddy Roosevelt.

      And then put that picture as your login screen, so it'll log you in if you point at a mirror.

      It'll still be a problem if Zombie Teddy Roosevelt steals your phone, but how likely is that...

      So you now have a cell-phone that's only useful near mirrors.

      And you now have a cell-phone that can be broken into by anyone else who is carrying a mirror or who is near a mirror. They just have to watch you log in once ...

      --
      I am anarch of all I survey.
  14. What's the Slashbox for? by Anonymous Coward · · Score: 1

    You can put your weed in there!

    1. Re:What's the Slashbox for? by Anonymous Coward · · Score: 1

      dude: This place is full of weed and it's all HIS!

      cop: what's that in your pocket?

      dude: weeeeed.

  15. This just in... by jbrizz · · Score: 1

    Face recognition recognises faces.

  16. Re:=/= news Mythbusters by Jeng · · Score: 1

    On Mythbusters when checking out different security devices they found that you can fool a fingerprint scanner with a paper copy of the fingerprint.

    http://en.wikipedia.org/wiki/MythBusters_(2006_season)#Fingerprint_Lock

    --
    Don't know something? Look it up. Still don't know? Then ask.
  17. Possible solution... by FridayBob · · Score: 3, Insightful

    Equip the phone with two or more cameras so that the user's face can be verified in 3D, thus making it a lot harder to fool the system with one or more 2D pictures.

    1. Re:Possible solution... by Anonymous Coward · · Score: 1

      Wrap a photo around a tennis ball as a circumvention?

    2. Re:Possible solution... by Anonymous Coward · · Score: 0

      Better would be to use a Kinect-like system with 3D depth sensor. Of course those systems don't work well in the sun or any time there is a strong infrared source nearby.

    3. Re:Possible solution... by ongelovigehond · · Score: 1

      Or ask the user to turn their head ...

    4. Re:Possible solution... by Anonymous Coward · · Score: 0

      So that it can be broken with two photos instead of one?

    5. Re:Possible solution... by Anonymous Coward · · Score: 0

      Or have two-factor auth - face unlock and fingerprint

  18. So what? by ettusyphax · · Score: 1

    It can also be bypassed by anyone with a computer, and so can those other "security methods." Actually, calling them "security" is a bit of a misnomer - it's more like a temporary privacy screen. Next you'll be telling me my laptop is insecure because someone could chop off my finger and use it to log in to Windows with my fingerprint scanner - yeah, or they could use any one of a thousand boot discs that bypass the Windows log-on process entirely. The face scanner, like the finger printer scanner (when set up for Windows log-in, not as part of a PKI or similar) is just an ease-of-use thing designed to keep your co-workers from picking up your phone or laptop and seeing all that Lego porn you've got on there.

  19. Doh! by Anonymous Coward · · Score: 0

    How do you think they QA'd it. with real people! Ha HA hA!

    CAPTCHA = acetone

  20. Um by Jethro · · Score: 1

    That... uh... so you're tricking the phone into thinking it's seeing you by showing you a picture of yourself which I assume looks like you?... it's not exactly supposed to be doing a retina scan.

    --


    In the land of the blind, the one-eyed man is kinky.
  21. This is old... by Anonymous Coward · · Score: 0

    ..you can do this to all laptops using the same trick

    probably because the photo becomes so general that after awhile it has a very high tolerance

    but as said, this is old news

  22. Why not face unlock plus pin by esten · · Score: 1

    Since most pin/swipe patterns are limited in security why not combine face unlock with a pin. Add a little security without much hassle for user.

  23. Solution: Silly faces! by LordRobin · · Score: 4, Funny

    There's an easy solution! Just cross your eyes and stick out your tongue when taking the security image! Of course, the people on the bus might think you're a little looney each time you unlock your phone, but that's the price you pay for security!

    ------RM

    1. Re:Solution: Silly faces! by gbjbaanb · · Score: 2

      and what's more - you can't accidentally unlock the phone just be picking it up, which could be awkward if youy're on the bus and the person behind/next to you sees what you were doing with it before it locked last....

    2. Re:Solution: Silly faces! by Anonymous Coward · · Score: 0

      Yeah, like Mr. Bean in the Bean movie poses for his passport photo

  24. Old news - Also, not a real issue. by Petron · · Score: 1

    As seen on Youtube.

    and not just Samsung Galaxy S3, but any phone with Android 4.0 (ICS) with face unlock active. My EVO 4g LTE can be fooled the same way, but what is the odds that some random person just happens to have a picture of me? It's more likely they could guess my pin/pattern.

    --
    if (it != oneThing) it = another;
  25. Informed decision? by astrodoom · · Score: 4, Insightful

    No information on the test they performed whatsoever, no shots of the photos used, no information on how they overcame (or if they did at all) the supposed blinking requirement. This news site has a low opinion of their readers to not even include the simplest information.

  26. Something Tell Me a Face (Even if Trickable) is by MikeyC01 · · Score: 1

    Still more secure than PINs of 1234, 0000, etc and passwords of (well) "password", "god", "joshua", etc

  27. Last I checked.... by SIR_Taco · · Score: 4, Informative

    Last I checked on my Samsung Galaxy SII (with ICS 4.0.3), the "Face Unlock" feature was aptly labeled as "Low Security, Experimental".

    The only item marked as "High Security" is the password option.

    I don't have an S3, but from what I've read the UI/OS version is pretty close at the moment (4.0.3 vs. 4.0.4). And I do believe, correct me if I'm wrong, that "Face Unlock" is still labeled the same.

    --
    I say don't drink and drive, you might spill your drink. Before you get behind the wheel just stop and think.
    1. Re:Last I checked.... by Anonymous Coward · · Score: 0

      Last time I checked, we (my coworkers and I) could unlock an SII with ANY of our faces. Let alone a picture.

  28. It's more trouble... by The+Grim+Reefer · · Score: 1

    Than the simple slide lock. I know a few people who use a PIN to lock their phone. But most people I know do not, including myself. I would think the face recognition would be the equivalent of a slide lock. And depending on how it works, perhaps more convenient (I never saw how it works on the phone). Was it advertised as a way to keep the NSA out of the phone? Or as a replacement for a keeping you from butt dialing people? If the latter, then I don't see the problem.

    1. Re:It's more trouble... by Anonymous Coward · · Score: 0

      Than the simple slide lock. I know a few people who use a PIN to lock their phone. But most people I know do not, including myself. I would think the face recognition would be the equivalent of a slide lock. And depending on how it works, perhaps more convenient (I never saw how it works on the phone). Was it advertised as a way to keep the NSA out of the phone? Or as a replacement for a keeping you from butt dialing people? If the latter, then I don't see the problem.

      The problem is if you're ugly enough that your butt and your face are indiscernible from one another... back to slide to unlock.

  29. improve with pin by kipsate · · Score: 1

    Security can easily be improved by the use of a 4 digit pin-code which is to be tattooed to the forehead of the owner and automatically read using OCR.

    --
    My karma ran over your dogma
  30. What't the problem? by Fuzzums · · Score: 1

    With the SII it also works. I took a picture with one phone and showed to the other phone to unlock it.
    That works. No problem.

    But I think it's also marked as insecure, so this wasn't really a surprise actually.

    --
    Privacy is terrorism.
  31. Swipe PIN is apparently better by sl4shd0rk · · Score: 1

    Seems to stump the FBI.

    http://www.geekosystem.com/fbi-cant-crack-pimp-phone-pattern-lock/

    --
    Join the Slashcott! Feb 10 thru Feb 17!
  32. Apple fans are shocked... by Anonymous Coward · · Score: 0

    ...their device would never recognize a face from a mere photograph!

  33. Never fails... by Anonymous Coward · · Score: 0

    My voice is my password, please verify me...

    1. Re:Never fails... by Cosgrach · · Score: 2

      My voice is my PASSPORT.

      There, fixed that for you.

      --
      Why is it that most of the people that I encounter seem to have been shat from the Sphincter of Mediocrity?
  34. Security 101 by Anonymous Coward · · Score: 1

    Something you are...
    Something you have...
    Something you know...

  35. of course its only using a single camera! by Anonymous Coward · · Score: 1

    Of course you can unlock with a picture of the user! I have no seen this particular model from samsung but if it is like most other smart phones it only has a single camera. It is doing face recognition on 2 dimensions, which though powerful, has its limitations.

    To the phone the whole world only has two planes!

    the best solution to this would be to use 3-D face recognition, which would involve having two cameras on the phone side by side, to do stereo imaging.

    of course this is not full proof either, because you could a bust (sculpture) of a person to trick it as well. But unless your an old european dude or a founding father its highly unlikely.

  36. Face unlock is not a security feature by Anonymous Coward · · Score: 4, Insightful

    It's not a security feature and it should not be. It's there for convenience. nothing more.
    It's just like slide to unlock, but all you have to do is look at the camera and voila :)

  37. Someone is telling you by Anonymous Coward · · Score: 2

    that starting your post in the subject and continuing in the body is bad form.

    By "someone" I mean me.

    With this reply.

    Don't do it.

    Ever.

  38. That's an easy one! by Anonymous Coward · · Score: 0

    Just do a funny face when setting up your unlock picture.

  39. Use another body part. by couchslug · · Score: 1

    Use another body part.

    "Goat Unlock"?

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  40. why even report this by Anonymous Coward · · Score: 0

    THis has been reported before on when Face unlock first came out and its not like theres been a new release of it touting better security or anything. Google Advise this is low security. Why is this news ?

  41. You're the one who brought up zombies, so... by Cajun+Hell · · Score: 1

    What if my login screen uses a picture of a vampire?

    --
    "Believe me!" -- Donald Trump
  42. Fifth Element by goodmanj · · Score: 1

    Gimme the cassssh!

    http://www.youtube.com/watch?feature=endscreen&NR=1&v=nah_3vO0uhM

  43. Use a print of... by Zaiff+Urgulbunger · · Score: 1

    Use a print of goatse.cx and you'll always be safe in the knowledge that even if you forget to carry the print with you, you can still, at a push, access your phone! :D

    1. Re:Use a print of... by gmhowell · · Score: 1

      Use a print of goatse.cx and you'll always be safe in the knowledge that even if you forget to carry the print with you, you can still, at a push, access your phone! :D

      If your face looks like that, you've got more problems than mere phone security.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    2. Re:Use a print of... by Zaiff+Urgulbunger · · Score: 1

      No, I was actually thinking more along the lines of squatting down over the phone.... yeah, I guess it would be a bit of a stretch!

      badum tishhh! ;)

  44. Also tricked by decaptiated head of owner. by Anonymous Coward · · Score: 0

    Security researchers also were able to trick the phone by decapitating the owner and using the head to unlock the phone.

  45. Re:2011 called and it's old news by noc007 · · Score: 1

    It's an ICS feature and has been compromised with this trick since it was released:
    http://www.youtube.com/watch?v=BwfYSR7HttA

  46. Uhm... Is this new? by Anonymous Coward · · Score: 0

    Back in 2008 I had a face-unlock feature-phone in Japan, and they have been around a lot longer than that, so how is the Samsung one different than the one I had?

    Put it another way, we're all supposed to be smart people here - the phone only has a 2D camera, presumably, so it can only compare what you looked like before to what you look like now and see how similar it is. A good photo of you is going to work well. Even if it could measure the distance to gauge the size of your head, the attacker could still use a real-life-size photo to unlock it.

    Presumably if you drop your phone on the train or something, the person who picks it up won't even know you, much less have your photo.

  47. Can anybody find meeee by Anonymous Coward · · Score: 0

    Somebody to loooooove.

  48. Samsung: use an Infrared face detector like Siri by sonamchauhan · · Score: 1

    Apple Siri uses an Infrared light based face detection sensor on the current IPhone to reliably detect a human face is being held in front of it.

    Using Face unlock in combination with such a sensor would defeat simple photo-based attacks.

  49. double lolz by slashmydots · · Score: 1

    So instead of a password to get in, you can use a password OR a facial recognition system. What improved security!
    But, the question is, can it recognize black people? (see HP's awesome facial recognition "oversight")

  50. Beta? by jampola · · Score: 1

    At least on my Galaxy Note with the ICS 4.0.4 update and it clearly states it's in Beta in the menu options. Not sure if it's also at Beta status on the SGS3 but honestly speaking, only a fool would rely solely on facial recognition.

  51. A quick fix comes to mind... by Rooked_One · · Score: 1

    and I don't even own a smartphone... Just make an extremely goofy face that you'd never have in a picture.

    problem solved.

  52. Re:=/= news Mythbusters by Anonymous Coward · · Score: 0

    The funny thing is it was the more expensive fingerprint locks that were vulnerable to the paper copy attack. The cheap computer finger scanner require a sophisticated mold.

  53. Against tech geeks by Anonymous Coward · · Score: 0

    Not everybody tries to "break" into your phone. We have one of those nerdy colleagues who doesn't know the limits of "own" and "others" phones. He starts using them as if they were his own phones. He wants to "unlock" your phone by sliding and read your email and text messages etc. But he doesn't try to circumvent any existing security measures.

  54. They should sweep the camera from left to right by dovgr · · Score: 1

    Instead of using a single image they should use a video recorded while sweeping the phone in a semicircle in front of your face, possibly while making a prerecorded funny face at the same time. Try beating that with a photograph! If someone patent this idea, I want to have my share. Slashdot counts as prior art, doesn't it?

  55. This form of security isn't for security. by Anonymous Coward · · Score: 0

    It's for protection.

    It's to stop someone being able to take your phone/tablet/laptop and then getting at the contents. To that end, having to remember and type in CORRECTLY (with the risk of completely bricking your device for getting it wrong too often) is far too great a cost for the benefit: nobody WANTS what you have on that device enough to bother.

    If you have something you need SECURED from deliberate rather than opportunistic attack, then you'd use the more cumbersome methods that are secure and count those costs and risks worth the protection of such valuable and secret a data set.

    Most company laptops don't have highly secret and valuable data on them. These methods are merely an easier way to allow you to say to the corporate server "I am me". So as a form of identification for a computer, this is fine. After all, your face is how humans recognise you. Yet that recognition is frequently bypassed (how many times have you mistaken someone for someone else?).

    Part of the problem here will be the marketing for these methods. The marketing is marketing them as security methods. To be used instead of any password or two-factor authentication method. It is not.

    You don't use one-time cypher pads to lock your home computer, do you? Those are more secure than passwords alone. But you don't use them, do you. Because they're not worth the effort.

    These authentication methods are condoms replacing the chastity belt of passwords. We don't use themfor the same thing, even though they can manage to do some of the work of each other (you can't get pregnant if your chastity belt works, but you wouldn't give your wife a pack of condoms to protect against infidelity when you would otherwise have used a chastity belt).

  56. Re:Samsung: use an Infrared face detector like Sir by Anonymous Coward · · Score: 0

    No it wouldn't.

    There is no infrared "sensor" on the iPhone; all digital cameras pick up on infrared light. Infrared light would be no different to a camera than using face unlock under any coloured light.

  57. Re:Samsung: use an Infrared face detector like Sir by quacking+duck · · Score: 1

    Not quite. Siri has activated a number of times when the screen was still on and I put it in my pocket. Even if locked, e.g. I pull it out to check time, put it back in pocket before screen goes black. This hasn't resulted in a pocket dial yet, but it's at least possible.

  58. Samsung Galaxy S III by Anonymous Coward · · Score: 0

    Visit http://samsunggalaxysiiicellphone.com/ to get best price and deals for Samsung Galaxy S III