Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samsung Galaxy S10 Facial Recognition Fooled by a Video of the Phone Owner (zdnet.com)

Posted by msmash on from the security-woes dept.

Experts have proven once again that facial recognition on modern devices remains hilariously insecure and can be bypassed using simple tricks such as showing an image or a video in front of a device's camera. From a report: The latest device to fall victim to such attacks is Samsung Galaxy S10, Samsung's latest top tier phone and considered one of the world's most advanced smartphones to date. Unfortunately, the Galaxy S10's facial recognition feature remains just as weak as the one supported in its previous versions or on the devices of its competitors, according to Lewis Hilsenteger, a smartphone reviewer better known as Unbox Therapy on YouTube. Hilsenteger showed in a demo video uploaded on his YouTube channel last week how putting up a video of the phone owner in front of the Galaxy S10 front camera would trick the facial recognition system into unlocking the device.

9 of 60 comments (clear)

  1. 3D and IR by goombah99 · · Score: 5, Insightful

    There's a reason apple went with costly 3D imaging. Yes of course there's the prospect of spoofing it with a 3D mask but that's a pretty invasive and premeditated attack. You can't do it on the fly like a video. As has been noted many times, given some preparation it's possible to spoof fingerprint scanners. indeed it seems it's probably easier to spoof fingerprint scanners in many implementations.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:3D and IR by goombah99 · · Score: 2

      I thought the reason they used ultrasonic was because it's more compatible with going through the screen. And the reason they used 3D ultrasonics is because it takes more information than the simple ultrasonic reflectance to decode the uniqueness. I don't think it was motivated by disriminating fakes. That was just a nice benefit for making phantom fingers harder to create in hindsight.

      --
      Some drink at the fountain of knowledge. Others just gargle.
    2. Re:3D and IR by SuperKendall · · Score: 2

      I can unlock the iPhone 8 without looking at it

      Aren't you going to be looking at it at some point? What value is there in unlocking a phone you do not see.

      with the face recognition I have to hold the thing in front of my face which is annoying.

      Lots more annoying to have to take gloves off in winter to unlock a device, or even to have to think about unlocking at all. With FaceID I don't think about unlocking, I pull out the phone and it's unlocked by my holding it.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    3. Re:3D and IR by shilly · · Score: 2

      Someone can unlock your phone by pointing it at your face, perhaps while you are asleep, even with the Apple system.

      Confidently wrong. I like your style!

      "When a face is detected, Face ID confirms attention and intent to unlock by detecting that your eyes are open and directed at your device"
      FaceID security white paper

  2. It's an ongoing escalating war by cellocgw · · Score: 2

    Consider all the flap about recent AI systems generating artificial head shots that most people can't distinguish from real photos. An algorithm that can create those can, with some existing add-ons, analyze a photo and decide what the Z-axis values are, thus producing a 3-D object. Might be a bit more difficult to fabricate, but I bet these phones can't tell what size the "head" they're looking at is.
    If they could capture cicadic movement, that might be cool, but I don't think the cameras have the frame rate to do so.

    --
    https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
  3. Re:Another reason not to like "Face ID" by UnknowingFool · · Score: 3, Informative

    Apple’s Face ID relies on 3D imaging so a video or photo doesn’t work. Other implementations of facial recognition does not so they are susceptible to different attacks.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  4. Samsung Doesn't Recommend You Use it by Paxtez · · Score: 2

    They specifically call it a low security type lock. The iris scanner was removed to make the hole punch smaller.

    The recommend using the fingerprint for biometrics.

  5. Use the 3d fingerscanner instead by Anonymous Coward · · Score: 2, Insightful

    If I recall corectly, Samsung were pretty upfront about this, that the face scanning is less secure than the fingerprint scanner.

    It's not a bug, it's by design. :)

  6. Sunglasses should work by SuperKendall · · Score: 2

    Wearing sunglasses in the car

    All of the sunglasses I have work fine with the iPhone X, just make sure what you use does not block IR.

    Sitting in my car after I get home at night (too dark)

    FaceID works in pitch blackness since it uses an IR emitter to illuminate your face. It cannot be "too dark" for it to work. I use it at night in unlit rooms... and also at night in my car.

    Wearing my gamma rays and turtle beach while playing games

    Why does this not work. FaceID is pretty flexible.

    If you really truly need to wear something that will not pass IR all the time, train your face with that on as an alternate face and disable the attention requirement so it doesn't need to see your eyes to unlock.

    I was hoping the X would allow my thumb at the bottom.

    Not quite sure I follow, what does "allow my thumb at the bottom" mean?

    I've had the iPhone X since last year and I miss nothing about TouchID at all, I find FaceID vastly better in every way.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley