Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Samsung Galaxy S10 Facial Recognition Fooled by a Video of the Phone Owner (zdnet.com) 60

Experts have proven once again that facial recognition on modern devices remains hilariously insecure and can be bypassed using simple tricks such as showing an image or a video in front of a device's camera. From a report: The latest device to fall victim to such attacks is Samsung Galaxy S10, Samsung's latest top tier phone and considered one of the world's most advanced smartphones to date. Unfortunately, the Galaxy S10's facial recognition feature remains just as weak as the one supported in its previous versions or on the devices of its competitors, according to Lewis Hilsenteger, a smartphone reviewer better known as Unbox Therapy on YouTube. Hilsenteger showed in a demo video uploaded on his YouTube channel last week how putting up a video of the phone owner in front of the Galaxy S10 front camera would trick the facial recognition system into unlocking the device.
This discussion has been archived. No new comments can be posted.

Samsung Galaxy S10 Facial Recognition Fooled by a Video of the Phone Owner

Comments Filter:
  • 3D and IR (Score:5, Insightful)

    by goombah99 ( 560566 ) on Monday March 11, 2019 @11:13AM (#58253702)

    There's a reason apple went with costly 3D imaging. Yes of course there's the prospect of spoofing it with a 3D mask but that's a pretty invasive and premeditated attack. You can't do it on the fly like a video. As has been noted many times, given some preparation it's possible to spoof fingerprint scanners. indeed it seems it's probably easier to spoof fingerprint scanners in many implementations.

    • The thing that surprised me here is that in the field of 3D resonstruction, passive optical flow methods have come to dominate Lidar or moire patterns in probably all use cases aside from cars. And even in cars, for daylight operations it's arguably better than lidar for many practical issues.

      But it's not the same as this example beautifully shows.

      Optical flow is the technique of inverting a 3D object by the camera-or-object motion such that the parallax effect gives you the information you need to figure

    • by AmiMoJo ( 196126 )

      And there is a reason Samsung didn't bother with costly 3D imaging. This isn't supposed to be a super secure system. Someone can unlock your phone by pointing it at your face, perhaps while you are asleep, even with the Apple system.

      Face unlock is for people who only want to protect against people they don't know stealing their phone. It stops random thieves from getting their data and makes it much harder for them to factory reset and sell the phone on.

      It's for people who are so lazy that even fingerprint

      • by shilly ( 142940 )

        Someone can unlock your phone by pointing it at your face, perhaps while you are asleep, even with the Apple system.

        Confidently wrong. I like your style!

        "When a face is detected, Face ID confirms attention and intent to unlock by detecting that your eyes are open and directed at your device"
        FaceID security white paper

    • Exactly. Moreover, even the 3D mask attacks sound like they only work if you rig the system. The first (only?) 3D mask attack that I've actually seen demonstrated wasn't able to be reproduced by any other researchers (at the time; maybe things have changed since then?), and it was later determined to have only worked for those particular researchers because they inadvertently trained the phone on the mask*. When they attempted to prove their methodology's reproducibility by resetting everything and giving t

    • There's a reason apple went with costly 3D imaging. Yes of course there's the prospect of spoofing it with a 3D mask but that's a pretty invasive and premeditated attack.

      Why bother with a mask? The police or a mugger will just hold you down while they point your phone at you.

      People forget that signing into a phone is not just validation of your ID, it's also your way of signaling that you actually want to sign in. Passive sign-ins like fingerprint or facial scans allow others to sign in on your behalf

  • by Anonymous Coward

    The sensor is a video sensor. It's not exactly human eyes and brain.

  • Consider all the flap about recent AI systems generating artificial head shots that most people can't distinguish from real photos. An algorithm that can create those can, with some existing add-ons, analyze a photo and decide what the Z-axis values are, thus producing a 3-D object. Might be a bit more difficult to fabricate, but I bet these phones can't tell what size the "head" they're looking at is.
    If they could capture cicadic movement, that might be cool, but I don't think the cameras have the frame rate to do so.

  • Easy to combine this 'feature' with the near-omnipresent surveillance state. No need to be asked to submit your face to unlock your phone: good chance they already have sufficient video to do it themselves.

    • by UnknowingFool ( 672806 ) on Monday March 11, 2019 @12:13PM (#58254212)
      Apple’s Face ID relies on 3D imaging so a video or photo doesn’t work. Other implementations of facial recognition does not so they are susceptible to different attacks.
      • Apple's Face ID is easily fooled by people with similar faces, e.g. close relatives... Hopefully you don't have a problem with your siblings being able to unlock your phone.
        • I don’t know if that true that similar faces would fool Face ID; however, that would fool other facial recognition based on photos and videos. My point isn’t that Face ID is infallible. My point was that Face ID isn’t fallible to this particular attack.
          • Yes, Apple face ID was designed to not be vulnerable to a simple attack using 2D picture of the face; that's the advantage of using 3D imaging. What I'm saying is, how much harder is it to make a 3D image of the face for an attack?
  • by Paxtez ( 948813 ) on Monday March 11, 2019 @12:19PM (#58254254)

    They specifically call it a low security type lock. The iris scanner was removed to make the hole punch smaller.

    The recommend using the fingerprint for biometrics.

  • Does it recognized dark faces? My personal prediction is that when the robot uprising comes, only the darkies will survive because the robots never figured out how to recognize dark faces...
  • by Anonymous Coward

    If I recall corectly, Samsung were pretty upfront about this, that the face scanning is less secure than the fingerprint scanner.

    It's not a bug, it's by design. :)

  • The lesson after all these years of biometrics is that, to a concerningly large extent, security mechanisms based on biometrics can be bypassed, often by ridiculously pedestrian and simple approaches. Trust biometrics at your own peril.

There's no sense in being precise when you don't even know what you're talking about. -- John von Neumann

Working...