Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samsung Galaxy S3 Face Unlock Tricked By Photograph

Posted by samzenpus on from the a-picture-is-worth-a-thousand-passwords dept.

AlistairCharlton writes with a story about an Android Face unlock security system that could use some tweaking. "Android's Face Unlock security on the Samsung Galaxy S3 can be tricked into unlocking the phone by showing it a photograph of the owner. In a test carried out by IBTimes UK, we found that the Galaxy S3 cannot distinguish between a photograph and a real person, leading us to suggest users should select a more secure way of locking the phone, such as with a PIN or password."

7 of 174 comments (clear)

  1. Can you see it? by alexbgreat · · Score: 5, Funny

    This is my shocked face...

  2. Not Intended to be Industrial Grade by nahdude812 · · Score: 5, Insightful

    Face unlock is not intended to be industrial grade security. By its nature it has to be tolerant to unlocks (it would suck if you couldn't unlock your phone after a haircut or beard trim, for example). It's intended to prevent casual perusal by someone who finds the phone sitting around. They've added some little things like requiring some movement in the face (eg, blinking), so it's mildly surprising that a static photo can trick it. But it's not especially worrying either - again, it's meant to be one step above slide to unlock.

    It's almost like stating that the standard "slide to unlock" is insecure because anyone can slide that button! The statement is true, but it misses the point.

    Also, a quote from Samsung taken directly FTFA:

    "Therefore, users with sensitive information on their phone are advised to use higher-protection security features, such as pattern, pin, or password unlock."

    --
    Slay a dragon... over lunch!
    1. Re:Not Intended to be Industrial Grade by KhabaLox · · Score: 5, Funny

      Want security, pick a strong passsword.

      Exactly. That's why I use a picture of Rainer Wolfcastle for my Galaxy.

      --
      Ceci n'est pas un sig.
    2. Re:Not Intended to be Industrial Grade by liquidsin · · Score: 5, Funny

      just use a picture of your balls; in theory it should be easier to keep would-be hackers from getting a picture of your balls, and it's only slightly awkward to shove your hand down the front of your pants every time you'd like to use your phone.

      --
      do not read this line twice.
    3. Re:Not Intended to be Industrial Grade by CCarrot · · Score: 5, Funny

      Actually I see this as preventing the casual phone check by a police officer. It becomes a locked container and they then legally have to go to more extremes to open it. In some cases a warrant.

      Or they just hold it up 'Is this your phone, sir? Oh look, it's unlocked...'

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
  3. Feature... by N0Man74 · · Score: 5, Funny

    This is a "feature", not a "bug". In fact, it's a "safety feature".

    Now there is no need for someone to kill you, skin your face off, and make a mask out of it to break into your phone (like in the movies). They can just take a photo of you from a telephoto lens. Sign me up!

  4. even more dangerous... by Anonymous Coward · · Score: 5, Funny

    It would be even more dangerous if someone compiled a whole book of face photographs... i dunno, maybe they could call it a "face book" or something like this.