Android Ice Cream Sandwich Face Unlock Tricked by Photo (but It’s Only a Trick)

Can Face Unlock on Android 4.0 Ice Cream Sandwich be fooled by a photo? Google says no, but one person has video proving otherwise. Sure looks convincing, but there’s a trick.

When the Face Unlock feature on Android 4.0 was announced, some folks were quick to point out that facial recognition can be fooled with a photo.

Google responded to that criticism just as quickly to assure users they had measures against that. Without an Android 4.0 device in the wild, neither could be proven… until a blogger from SoyaCincau got his hands on a Galaxy Nexus at a show and posted this video.

Galaxy Nexus Face Unlock

Unlock the Nexus With Your Face

Skeptics are claiming he registered the photo in the Galaxy Nexus’ Face Unlock, and not his actual face. He has solidly denied this, and I believe him. Not because of any faith in his honesty, but because I’ve done this same trick with facial recognition before.

Advertisement

During my review of the HP Elitebook 2760p, I put its facial recognition (paired with Bluetooth authentication for security) to the test in a Shortcut video. Testing with a variety of self-portraits already on my iPhone yielded no hits. None of them could unlock the 2760p. But a photo of myself taken on the spot, using the same angle and expression I had registered for facial recognition, unlocked it immediately.

See, current facial recognition technology requires a straight-on view of your face for both registration and recognition. A typical photo of you probably will not fit that parameter (unless you take a lot of mugshots). This is why I previously suggested establishing a “login face” with an expression you don’t normally use (i.e., not smiling like you’re posing for a photo). But it is possible to take a photo of yourself with that expression under those conditions and use that for facial recognition.

That appears to be what they did with the Galaxy Nexus at SoyaCincau. It looks unintentional as they appear to have established the test on the spot. Furthermore, it is normal to look directly at the front camera when taking a self-photo, which is also required to register your face for recognition.

Ultimately, I think neither side is really wrong about Face Unlock on Android 4.0. Yes, it was fooled with a photo, but based on my experience with the 2760p, I doubt it can be just any photo. I’m sure that theory will be thoroughly put to the test once the Galaxy Nexus reaches reviewers.

(Update: Here’s the video of the facial recognition setup)

Hat tip to The Next Web

Comments

  1. Reshad Al Rabeh says

    To be honest, does it really matter? As far as I’m aware, facial recognition at a consumer level was never meant for increased security. I think the major advantage to this feature on upcoming ICS phones is how quickly you can unlock these things! I recall watching a video of a reviewer using the Galaxy Nexus, and on first setup it took 4-5 seconds to create a lock, and all subsequent locks barely took a second.

    • Sumocat says

      I believe current biometric systems are conveniences, not security, but unfortunately most people relate the term “unlock” with security.

  2. Jonathan Wong says

    I’m surprised no one has thought of a better idea to solve this.  I personally have a good idea to prevent pictures from being used so I’d lvoe to be able to implement it once ICS is open source but alas, I can’t program.

    Oh and does anyone know specifically who is works on teh facial recognition and can I ahve their contact info?

  3. freedune says

    Lenovo has had an added feature since a long time to avoid this precise trick.  You can enable an option where you have to register your face while turning your head around (as if saying a deliberate and emphatic ‘No’), and every time you want to unlock it, you have to do it again.  The software creates a polygonic 3D image of your head that it uses for comparison, IIRC.  Google could have thought of including such a  measure.

Leave a Reply