Face Unlock, a new security feature within Google’s new Ice Cream Sandwich Android update that allows handset owners to unlock their device using Android’s face recognition capabilities, appears to suffer from an issue that will allow a photo the handset owner to unlock a device, a new video posted to SoyaCincau.com suggests.
Security concerns were first raised when the feature was unveiled at the Ice Cream Sandwich and Galaxy Nexus launch in Hong Kong last month, where is was discussed that a photo could easily bypass Google’s new security measure.
Koushik Dutta (Koush), the lead developer of popular Android aftermarket firmware CyanogenMod, remarked at the time that “the face recognition unlock thing is really easily hackable. Show it a photo”. However, Google’s Android-focused Developer Advocate Tim Bray, was quick to point out that it was not the case, and that people should give the search giant some credit.
SoyaCincau offers proof in the form of a video that was recorded at a recent Samsung event, where the Galaxy Nexus and the new Galaxy Note were on display. Using a photo taken on the Note and setting the Galaxy Nexus to recognise his face, Android’s Face Unlock feature was bypassed three times to show to demonstrate the issue:
The creator of the video says that he programmed the feature to recognise his face (not photo) before recording the video, whether this is true is unknown.
If it is authentic and the feature can be defeated using a photograph, Android device owners running the new Ice Cream Sandwich update may have to be a little more vigilant and ensure that they utilise additional security practices so that their devices cannot be accessed if they are taken without permission.