Android's face unlock feature could be fooled by photo

By Lee Kaelin on October 21, 2011, 3:00 PM

Face Unlock, one of the flagship features of the newly released Android 4.0 "Ice Cream Sandwich" mobile operating system, enables users to unlock their phones via facial recognition rather than a PIN code or by using other security credentials. But there might be a security risk involved, if recent reports are to be believed, as the feature can apparently be fooled by holding a picture of the phone's user to the camera.

The new feature works by recognising pre-registered faces, though questions were raised during the Ice Cream Sandwich keynote address when the phone of Matias Duarte, Google's head of user experience, struggled to identify him and unlock the phone possibly due to poor background lighting. A Google spokesperson said the feature would "only get better," highlighting that the technology was still in its infancy. The same representative also conceded that logging into the phone by using a photograph of the pre-registered owner "could" possibly also work.

Google acquired the technology used for facial recognition earlier this year when it purchased PittPatt, a startup company spun out of Carnegie Mellon University. The technology they developed uses “tools to search images for faces, determine if faces are the same person, track faces in video sequences, and pinpoint constituent landmarks in faces using a straightforward C-language interface.” Similar technology has also been used in past research with some accuracy to predict social security numbers from pictures of people.

In response to comments on Twitter that the feature could be fooled by a picture, Tim Bray, who works on the Android platform responded "Nope. Give us some credit."  While there is no doubt that Google has much to refine regarding the new Face Unlock feature, these security concerns might still cause the search giant some embarrasment at a time when the mass media and consumers alike are showing heavy interest in the new Android release.




User Comments: 9

Got something to say? Post a comment
Guest said:

Thank you for getting rid of those useless "recommendations" in the bottom corner of my screen.

SammyJames said:

Oh, goodness. Thanks to Google's facial recognition technology, I'll always be able to open my session up again on my Android phone. If I had to use my REAL face, there would be a problem -- because I'm a shape-shifter from Pluto. My face changes every five minutes or so, depending on which CNN anchor I happen to be watching on television...

In other words: I'm going to have to use Wolf Blitzer's photo to log in... okay. This post makes no sense. I need more coffee.

Rasta211 said:

Guest said:

Thank you for getting rid of those useless "recommendations" in the bottom corner of my screen.

I agree with this statement and I'm equally thankful.

gwailo247, TechSpot Chancellor, said:

Rasta211 said:

Guest said:

Thank you for getting rid of those useless "recommendations" in the bottom corner of my screen.

I agree with this statement and I'm equally thankful.

What's wrong with re-reading an old gem from March 2010?

aj_the_kidd said:

Rasta211 said:

Guest said:

Thank you for getting rid of those useless "recommendations" in the bottom corner of my screen.

I agree with this statement and I'm equally thankful.

Ditto

Back to the article, was never going to use that function anyway so big for me either way. I prefer the pattern code, its quick and easy.

Staff
Steve Steve said:

I guess it would go something like this...

"Hello stranger that I just met, please hold still while I take a photo of your face (don't smile). I will be back soon once I have printed off this unrelated image to then steal your phone."

Guest said:

Of course it can be unlocked with a photo, as if a phone camera is going to know the difference. This problem is well known with facial recognition technology, as well as it being flakey as **** in general. And no, you wouldn't have to do anything as obvious as take a photo of the person you're stealing a phone from when you can just track people down on Facebook/Twitter/tumblr/Flickr/whatever social networking site is in vogue this week. That's not even the main issue anyway, it's about spouses, parents, children, friends, employers, etc. being able to snag your phone when your back is turned and get into it via a photo and snoop your messages, emails, contacts and such.

Staff
Steve Steve said:

Sorry should have held up my sarcasm sign :P

In any case at this stage I would say it is more of a bragging rights kind of feature, you are not exactly going to protect your closest secrets with it.

tehbanz tehbanz said:

my closest secret is my indentity! I wear a ski mask 24/7, even while making love, will it still detect my face? or will it detect everyone and anyone wearing a ski mask? dun dun dun!

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.