Fooling the Samsung Galaxy S10 Face Unlock is too easy

by Mark Tyson on 12 March 2019, 12:41

Tags: Samsung (005935.KS)

Quick Link: HEXUS.net/qad5li

Add to My Vault: x

The launch of the Samsung Galaxy S10 range of smartphones was greeted in a muted manner by HEXUS readers last month. Most of the comments on our launch article were smartphone users saying how they would stick rather than switch, as the intergenerational advances were judged to be marginal. This is despite Samsung putting its efforts into three variants of the Galaxy S10, the S10e, S10, and S10+. Perhaps too many of Samsung's best developers were stolen away by the Galaxy Fold project.

One of the big trumpeted changes delivered with the Galaxy S10 trio was the introduction of the Infinity-O Display to Samsung's flagship range (it debuted commercially in the A-Series). However, this change has had an unflagged consequence to the smartphone security. Thanks to the restricted space available, Samsung made the design decision to eschew its established face and iris recognition systems. In its place is a basic Face Unlock facility that might best be left disabled…

Hiding the selfie camera in plain sight

This morning I received an email from cybersecurity solutions company Tripwire. The firm's regional director of EMEA channels, Cary Gibbs, provided a rather damning statement about Samsung's new Galaxy S10 Face Unlock. "Vendors and manufacturers have a responsibility towards private individuals who purchase their products," opined Gibbs. "People who aren’t necessarily as versed in the technical details of the features their device offers may unknowingly leave their phones exposed to hacks by choosing forms of authentications they don’t know to be flawed."

In conclusion the Tripwire exec thought it imperative that Samsung "informs customers of the risks they may incur if they opt for face recognition as their main authentication method, and that Samsung advises consumers to opt for a more secure one." Luckily, all the Galaxy S10 phones also come with fingerprint recognition.

The 'flawed' authentication method has been demonstrated as such by several tech magazines in recent days. I've embedded the Unbox Therapy video showing off how easy it is to fool this authentication method - unlocking a phone he had set up with a previously recorded YouTube video clip. The presenter highlights the fact that Samsung's smallprint warns users that "Face recognition is considered less secure". However, even photos have been shown to be good enough to 'fool' the system, as have the faces of relatives and other not-so-similar looking people.

HEXUS Forums :: 15 Comments

Login with Forum Account

Don't have an account? Register today!
Posted by philehidiot - Tue 12 Mar 2019 13:09
Because pretty > security.

Especially as more people bank on their phones, etc.
Posted by Ttaskmaster - Tue 12 Mar 2019 13:19
Well, like the whole RGB ‘pantie-twisting travesty’, I'll just assume FaceRec can be disabled and carry on using what works…..
Posted by philehidiot - Tue 12 Mar 2019 16:37
Ttaskmaster
Well, like the whole RGB ‘pantie-twisting travesty’, I'll just assume FaceRec can be disabled and carry on using what works…..

I think the issue isn't people like us. I think it's people who buy a premium phone and rightfully assume the manufacturer has taken care to ensure the functions it provides are fit for purpose. I.e. that the security features which are there to prevent unauthorised access to your phone are….. secure. Yes you can get past anything with enough time and autism but the point is more would a casual thief who has nicked your phone be able to unlock it and use it / root through your files?

I'd compare it to tyres on a car. You would, unless you bought some dodgy brand, expect the tyres on a new car to work properly with the vehicle and withstand normal driving conditions as well as provide decent grip in an emergency. You'd not be happy if you'd bought the car and then had to change the tyres immediately because the OE ones were not fit for purpose.
Posted by Spud1 - Tue 12 Mar 2019 17:34
Ttaskmaster
I'll just assume FaceRec can be disabled and carry on using what works…..

Indeed it can, as Samsung have sensibly kept the fingerprint scanner which is far superior to these face unlock systems, as well as being more convenient. An option iPhone purchases don't have ;)

If they had not put a hole in the front of their screens the S10 range could have been near perfect, but sadly they did, leaving no good reason for any sensible person to buy one.
Posted by Ttaskmaster - Wed 13 Mar 2019 11:13
philehidiot
I think it's people who buy a premium phone and rightfully assume the manufacturer has taken care to ensure the functions it provides are fit for purpose.
People who assume, like that, are what keeps mechanics in business!

philehidiot
You would, unless you bought some dodgy brand, expect the tyres on a new car to work properly with the vehicle and withstand normal driving conditions as well as provide decent grip in an emergency.
I would not. That's what reviews are there to reveal.

SEE NEWER »