Android Jelly Bean Face Unlock hacked with simple Photoshopping

face-unlock

Google improves Face Unlock on Jelly Bean by requiring users to blink, but even this can easily be spoofed through image editing.

When Android Ice Cream Sandwich was released, one of the much-touted features was Face Unlock, which supposedly made the smartphone more friendly in terms of user experience. The phone unlocks just by “seeing” the owner's face. Unfortunately, this was found to be insecure, as the Face Unlock feature recognized even static photos of the owner.

With profile pictures easy to access through social networks, Face Unlock could easily be circumvented, which defeats the purpose of securing the lock screen in the first place.

Jelly Bean adds another layer of security, which supposedly ensures “liveness” by checking whether the person is actually moving. For this purpose, the software checks for a blink after the initial scan. After you blink, off goes your phone's lock screen.

Again, though, this system has been easily circumvented. This time, it will require a bit of photo editing on the hacker's part. Because the user is supposed to blink to prove he or she is the real deal, Jelly Bean will have to be fooled to think that a blink has been done with simple photo editing.

First, find a fairly recent image of the smartphone or tablet owner. Facebook should be a great source.
Using photo editing software, paint over the eyes with the same color as the surrounding skin tone.
Flash the photos alternately to simulate a blink.

It seems Jelly Bean cannot differentiate between a real blink and one that involves some image editing. While we wait for Google to fix these issues, the Face Unlock feature is likely to remain just a novelty on Android, and we don't recommend using it if you keep sensitive data on your mobile device. Use a PIN, password or pattern unlock instead. And if it interests you, other platforms also have innovative ways of securing lock screens, such as Windows 8′s picture password feature. It's also rumored that Apple may include fingerprint scanning on iOS devices, after it acquired AuthenTec in July.

Check out the video below for a sample of how Jelly Bean's face unlock feature can be tricked.

Telus Samsung Galaxy Note gets a taste of Jelly Bean goodness

by Bogdan Bele, 2 weeks ago

The Telus Samsung Galaxy Note is finally getting its Jelly Bean upgrade, as the carrier has promised not long ago, so good news for you if you’re on Telus and you own the device. According…

Comments

http://www.facebook.com/profile.php?id=1408432386 Joe Innecken

Is the S4 gonna run Key Lime Pie
- http://www.facebook.com/duh.koda.1 Duh Koda
  
  If the S3 is getting it, then obviously the S4 will get it. But if you mean shipping with KLP, no, It’s shipping with (what is as of now) the latest version of Android, 4.2.2.
RaptorOO7

So much for a flagship phone, what a joke. The GS3 came with ICS 4.0, updated to JB 4.1.2 and Samsung has already publicly stated it WILL get KLP 5.0. Suckers buy HTC.
- LAKAME
  
  The Galaxy Note came with android 2.3, was updated to android 4.0, then 4.1, and probably will be updated to 4.2 :D
- amine ELouakil
  
  lol! they are talking about the One X, not the One, the One X came out before the GS3 got updated to android 4.1 before the GS3 in many major markets and it’s getting 4.2 most likely before the GS3, not to mention that the said report is not just some random rumors, (posted by those samsung blogers ?) anyways you need to check your facts before posting something stupid.
  - http://www.facebook.com/duh.koda.1 Duh Koda
    
    Even the S2 has 4.2 Jellybean already, pretty sad to say that a phone 3 years old has 4.2 and a 1 year old phone doesn’t even have it yet.
http://www.facebook.com/duh.koda.1 Duh Koda

This is why I will never buy an HTC phone. They have terrible support for all of their devices.
- http://twitter.com/danmcsw danmcsw
  
  I’m with you on this.
- geospa300
  
  Bad luck for you because I picked up my new HTC one and it’s unbelievably good.
carlisimo

That’s a photo of a One S. I have one of those, on T-Mobile, and I’m not convinced it’s even going to get 4.1. (The One S everywhere else in the world has, but it’ll probably end there.)

I didn’t expect any updates so I’m not bitter about it… but it’s impossible not to notice that Samsung and (unsurprisingly) Motorola have gotten much better about providing them.
Data1001

Does this apply to the HTC One X+, as well?
KC

This is timely news. I was going to buy the HTC One. Now that I know how HTC treats its customers, I’m now set on getting the Motorola-X instead.

But my wife and daughter have the HTC One X. They’re really disappointed about this.

Thanks for this news reminder on how HTC sucks!
.
http://www.facebook.com/profile.php?id=1059415746 Balint Udvarhelyi

Experience tells me that 4.2.2 is the last update for the One X and One S. Updating these phones to KLP would signal a very positive change at HTC. The forums are full of HTC users complaining about late or even missing updates (and lack of removable battery/memory expansion).