Android ICS Face Unlock fooled by digital photo

Face Unlock, the latest security feature in Google's Android "Ice Cream Sandwich" that unlocks a phone via facial recognition, is not that foolproof after all.

A blogger showed the facial recognition technology may have worked too well, unlocking the phone if it is presented with a digital picture.

"While some of you think that it is a trick and I had set the Galaxy Nexus up to recognise the picture, I assure you that the device was set up to recognise my face. I have a few people there watching me do the video and if any one of them is watching this video I hope you can confirm that this test is 100% legit," he said in a YouTube video.


An article on The Huffington Post said the video has gone viral.

The Huffington Post noted that with people likely to have their images all over the Internet such as on Facebook and Twitter, facial recognition "could be a potentially serious flaw in Android 4.0."

"Of course, all this would require the person who's trying to break into your mobile to know your identity, so we suppose it's not something worth worrying about if you lose your phone and your identity is no way tied to it (i.e. you don't have your name on the phone)," it said.

It also noted TheNextWeb's Matt Brian had quoted Tim Bray, Android Developer Advocate at Google, had denied via Twitter that a photo could be used to break into the phone when the issue was raised last month.

Bray has so far not yet commented on the issue, the Huffington Post said.

'Only experimental'

On the other hand, a separate article on CNET said a Google representative it contacted said the feature is considered low security and experimental.

It said even the interface warns users that "Face Unlock is less secure than a pattern, PIN, or password" and that "Someone who looks similar to you could unlock your phone."

"It's also true that someone would have to plan ahead to have a photo of a target and wait for that person to leave the phone unattended to get access to a device locked with the feature. There is no question that using this low-level security feature is better than not locking the phone at all, as long as you understand the limitations," it said. — TJD, GMA News