- The Samsung Galaxy S10’s face unlock has apparently been defeated by photos and video clips.
- A prominent developer even reported that she was able to unlock her brother’s Galaxy S10.
- You should probably stick to the phone’s in-display fingerprint sensor if you value security.
The Samsung Galaxy S10 series ditched the iris scanner of prior entries in favor of an in-display fingerprint sensor and camera-based face unlock technology. Unfortunately, the latter authentication method seems to be woefully inadequate.
Unbox Therapy and The Verge were both able to fool the Galaxy S10 with the aid of a video played back on another phone, Android Police reported. Skip to the two-minute mark in the Unbox Therapy video below to watch the trick in action.
It’s unclear whether these outlets disabled the faster recognition option, which boosts unlock speeds at the expense of security. However, tech website SmartWorld told Android Police that they disabled the feature when they successfully unlocked the Galaxy S10 with a photo.
The face unlock errors don’t stop here though, as app developer and teardown specialist Jane Wong was able to unlock her brother’s Galaxy S10 Plus. This isn’t the first time a phone mistook someone else for its owner, and manufacturers usually warn users about the perils of using camera-based face unlock. But with the Samsung flagship being fooled by photos and videos too, it’s not a good look at all.
Apparently S10+ thinks we look the sameBut we don’t…? pic.twitter.com/COAS9QJodK— Jane Manchun Wong (@wongmjane) March 9, 2019
Camera-based face unlock features have a history of problematic security, going back to Android 4.0 Face Unlock back in 2011. Back then, people demonstrated that the technology could be fooled with a simple photo. Google’s later attempt to implement a liveness check (i.e. blinking) was circumvented by photo editing.
Face unlock using structured light or time-of-flight sensors has since become the preferred authentication method for several flagships. These solutions are able to calculate facial details and contours, largely negating photo and video spoofing. So if you want more secure face unlock on a smartphone, consider the LG G8 ThinQ, Huawei Mate 20 Pro, or Oppo Find X.
In saying so, Samsung’s older flagships don’t fall for the old photo trick, according to a test by the Dutch Consumentenbond organization. The consumer watchdog found that over 30 models from the likes of Alcatel, BlackBerry, Huawei, Samsung, and Sony could be unlocked with a photo. But the Galaxy S9, Galaxy S9 Plus, and Galaxy Note 9 emerged unscathed. However, we don’t know if Samsung’s face unlock was aided by its iris scanning function as part of its intelligent scan feature.