Clicky

Android Ice Cream Sandwich Face Unlock Tricked by Photo (but It’s Only a Trick)

By  |  8 Comments

Can Face Unlock on Android 4.0 Ice Cream Sandwich be fooled by a photo? Google says no, but one person has video proving otherwise. Sure looks convincing, but there’s a trick.

When the Face Unlock feature on Android 4.0 was announced, some folks were quick to point out that facial recognition can be fooled with a photo.

Google responded to that criticism just as quickly to assure users they had measures against that. Without an Android 4.0 device in the wild, neither could be proven… until a blogger from SoyaCincau got his hands on a Galaxy Nexus at a show and posted this video.

Galaxy Nexus Face Unlock

Unlock the Nexus With Your Face

Skeptics are claiming he registered the photo in the Galaxy Nexus’ Face Unlock, and not his actual face. He has solidly denied this, and I believe him. Not because of any faith in his honesty, but because I’ve done this same trick with facial recognition before.

During my review of the HP Elitebook 2760p, I put its facial recognition (paired with Bluetooth authentication for security) to the test in a Shortcut video. Testing with a variety of self-portraits already on my iPhone yielded no hits. None of them could unlock the 2760p. But a photo of myself taken on the spot, using the same angle and expression I had registered for facial recognition, unlocked it immediately.

See, current facial recognition technology requires a straight-on view of your face for both registration and recognition. A typical photo of you probably will not fit that parameter (unless you take a lot of mugshots). This is why I previously suggested establishing a “login face” with an expression you don’t normally use (i.e., not smiling like you’re posing for a photo). But it is possible to take a photo of yourself with that expression under those conditions and use that for facial recognition.

That appears to be what they did with the Galaxy Nexus at SoyaCincau. It looks unintentional as they appear to have established the test on the spot. Furthermore, it is normal to look directly at the front camera when taking a self-photo, which is also required to register your face for recognition.

Ultimately, I think neither side is really wrong about Face Unlock on Android 4.0. Yes, it was fooled with a photo, but based on my experience with the 2760p, I doubt it can be just any photo. I’m sure that theory will be thoroughly put to the test once the Galaxy Nexus reaches reviewers.

(Update: Here’s the video of the facial recognition setup)

Hat tip to The Next Web

Alleged Apple fanboi, accused Android apologist, and confirmed Microsoft MVP for touch and tablet Mark Sumimoto a.k.a. Sumocat dabbles in all areas of mobile computing with a focus on Windows-based Tablet PCs and pen input. A mobile computing enthusiast since 2004, he pioneered the field of ink blogging via his personal blog, Sumocat's Scribbles. His current tools include a Fujitsu Lifebook T900, TEGA v2, and iPhone 4. Email: sumocat [at] notebooks.com

8 Comments

  1. Reshad Al Rabeh

    11/11/2011 at 1:16 pm

    To be honest, does it really matter? As far as I’m aware, facial recognition at a consumer level was never meant for increased security. I think the major advantage to this feature on upcoming ICS phones is how quickly you can unlock these things! I recall watching a video of a reviewer using the Galaxy Nexus, and on first setup it took 4-5 seconds to create a lock, and all subsequent locks barely took a second.

    • Sumocat

      11/11/2011 at 1:38 pm

      I believe current biometric systems are conveniences, not security, but unfortunately most people relate the term “unlock” with security.

  2. Shmekid

    11/11/2011 at 2:30 pm

    I believe he said he programmed it to the picture on his phone, not his actual face.

  3. Jonathan Wong

    11/11/2011 at 8:04 pm

    I’m surprised no one has thought of a better idea to solve this.  I personally have a good idea to prevent pictures from being used so I’d lvoe to be able to implement it once ICS is open source but alas, I can’t program.

    Oh and does anyone know specifically who is works on teh facial recognition and can I ahve their contact info?

  4. freedune

    11/13/2011 at 1:19 am

    Lenovo has had an added feature since a long time to avoid this precise trick.  You can enable an option where you have to register your face while turning your head around (as if saying a deliberate and emphatic ‘No’), and every time you want to unlock it, you have to do it again.  The software creates a polygonic 3D image of your head that it uses for comparison, IIRC.  Google could have thought of including such a  measure.

  5. Nikhil Gupta

    01/01/2012 at 11:48 pm

    In lenovo, it was possible. I posted this back in 2008.
    http://nikhilguptas.blogspot.com/2008_01_01_archive.html 

  6. Pingback: Face Unlock Is Much Improved in Android 4.1 Jelly Bean

  7. Pingback: Apple’s Multi-User Face Recognition Plans for iPad Revealed in Patent | The Apple Chapel

Leave a Reply