Samsung Galaxy S8 Facial Recognition Feature Is Bypassed Using A Photo
Samsung has introduced facial recognition feature in Galaxy S8 and S8+ using the upgraded 8-megapixel front-facing camera and the feature was limited to unlocking your phone.
However, a recent YouTube video from Marcianotech, shows the registered user of the device presenting a picture of himself to the phone's front-facing camera. After a couple of attempts, the phone recognizes the close-up selfie as the user's face, and the lock screen is subsequently bypassed.
While the Galaxy S8's facial recognition system could not be fooled in the first attempt itself, all it took was a few tries in a room with plenty of light to get the facial scanner to verify the photo and unlock the device.
It seems that Samsung's biometric security feature relies on image fingerprinting or similar methods of recognizing prominent features in a captured image. These techniques use complex algorithms to measure the size, shape and distances between a user's eyes, nose, and mouth, as well as other identifying facial features.
Samsung's executives present at the launch event admitted that the Galaxy S8 facial unlock mechanism is not as secure as other biometric authentication systems present on the handset like iris scanning and fingerprint unlock. This explains as to why Samsung has limited the facial unlock to lock screen and why we cannot use it to verify Samsung Pay and Samsung Pass on the device.
The Galaxy S8 provides various levels of biometric authentication, with the highest level of authentication from the iris scanner and fingerprint reader. In addition, the Galaxy S8 provides users with multiple options to unlock their phones through both biometric security options, and convenient options such as swipe and facial recognition. It is important to reiterate that facial recognition, while convenient, can only be used for opening your Galaxy S8 and currently cannot be used to authenticate access to Samsung Pay or Secure Folder.
This is not the first time that we are seeing the facial recognition feature on a phone being fooled by using a photo. It is more likely that Samsung's cameras rely on standard 2D facial recognition technology, which past demonstrations have shown can be easily tricked with two-dimensional photos, suggesting use as a standalone authentication feature remains limited.
There are, however, technologies that help bolster 2D facial recognition solutions. For example, facial motion capture might be applied to detect whether or not a target face is moving, bettering the chances that received imagery depicts a live human face rather than a photo or video.
Fortunately, for us the Galaxy S8 comes with an iris scanner, which is more secure than a simple facial unlock.
According to rumors, Apple is also planning to debut some form of facial recognition technology in iPhone 8. If Apple does end up debuting a revolutionary 3D selfie camera, it is possible that the facial unlock system on the handset will be smart enough to avoid being fooled by a similar trick. This is because the 3D camera would need all the data points first to map the user’s face in 3D, which photos simply lack. KGI analyst Ming-Chi Kuo believes Apple may use integrated specialized IR transmitters and receivers to perform 3D sensing and modeling, or depth mapping. The system should offer a more accurate representation of a user's face as compared to conventional 2D systems.
For now, we recommend you not to use facial recognition in Galaxy S8 and instead opt for any of the biometric security features in the phone, like iris scanner or fingerprint recognition.