Android Ice Cream Sandwich Face Unlock Tricked by Photo (but It’s Only a Trick)
Can Face Unlock on Android 4.0 Ice Cream Sandwich be fooled by a photo? Google says no, but one person has video proving otherwise. Sure looks convincing, but there’s a trick.
When the Face Unlock feature on Android 4.0 was announced, some folks were quick to point out that facial recognition can be fooled with a photo.
Google responded to that criticism just as quickly to assure users they had measures against that. Without an Android 4.0 device in the wild, neither could be proven… until a blogger from SoyaCincau got his hands on a Galaxy Nexus at a show and posted this video.
Skeptics are claiming he registered the photo in the Galaxy Nexus’ Face Unlock, and not his actual face. He has solidly denied this, and I believe him. Not because of any faith in his honesty, but because I’ve done this same trick with facial recognition before.
During my review of the HP Elitebook 2760p, I put its facial recognition (paired with Bluetooth authentication for security) to the test in a Shortcut video. Testing with a variety of self-portraits already on my iPhone yielded no hits. None of them could unlock the 2760p. But a photo of myself taken on the spot, using the same angle and expression I had registered for facial recognition, unlocked it immediately.
See, current facial recognition technology requires a straight-on view of your face for both registration and recognition. A typical photo of you probably will not fit that parameter (unless you take a lot of mugshots). This is why I previously suggested establishing a “login face” with an expression you don’t normally use (i.e., not smiling like you’re posing for a photo). But it is possible to take a photo of yourself with that expression under those conditions and use that for facial recognition.
That appears to be what they did with the Galaxy Nexus at SoyaCincau. It looks unintentional as they appear to have established the test on the spot. Furthermore, it is normal to look directly at the front camera when taking a self-photo, which is also required to register your face for recognition.
Ultimately, I think neither side is really wrong about Face Unlock on Android 4.0. Yes, it was fooled with a photo, but based on my experience with the 2760p, I doubt it can be just any photo. I’m sure that theory will be thoroughly put to the test once the Galaxy Nexus reaches reviewers.
(Update: Here’s the video of the facial recognition setup)
Hat tip to The Next Web