Uncategorized

‘Liveness Check’ in Jelly Bean’s Facial unlock can be spoofed, with some effort

35

Google responded to security complaints about the Facial Unlock feature introduced as part of Ice Cream Sandwich by implementing a “Liveness Check” in Jelly Bean. Simply, the added layer of safety is designed to prevent the ability to spoof the lock method using a photo of the phone’s owner by requiring the user to blink. Well, getting around the new measure isn’t all that difficult, but does require a bit more work than the previous implementation. Step one: shop a photo of the phone’s owner so as to make their eyes appear shut. Step two: cycle between the two images on a computer screen.

As we have said before, Face Unlock remains a neat party trick, but there still remains a need for further refinements before it becomes a go-to unlock method.

[via AndroidPolice]

Kevin Krause
Pretty soon you'll know a lot about Kevin because his biography will actually be filled in!

Call of Duty: Black Ops Zombies launches as Sony Xperia exclusive

Previous article

HTC Proto comes as an affordable handset with better specs than the One V

Next article

You may also like

35 Comments

  1. Wow… really? OK. If someone really had a photo of you with your eyes open and closed they deserve to hack. LoL!!

    1. EXACTLY!!!! If someone has a photo of you with eyes open then closed????…. Your at fault.

      1. Yes!! Yes you are. You should have told your friend, who will be lyk the only person who has this photo, to retake the picture since your eyes were close. LoL!!

        If someone actually went through the trouble to do that, I would just let them see what’s on my phone. It’s so useless. Obviously I’m not trying to hide too much if all you need is my face to unlock my phone. LoL!!

        1. I think you might have brain damage #yolo

    2. You obviously commented before you watched the video with your fail comment.
      They drew the eyes close.

  2. I can’t even use live ness check with my real face. Eyes are too small…

    1. Asian?

      1. I ain’t even Asian.

        1. Sleep more or quit smoking then. ^^

  3. For most people, this would be a hard feature to break. But for guys who spend the majority of their day ripping people off, they will get through it no matter what. Locks were designed to keep honest people out.

    1. Yeps, locks are just a deterrent, and that’s all.. Now a bank vault, that’s another story..

  4. Why the hell will some thug on the train have my photo? I don’t use it because its slow to boot up.

  5. Thought step one was to… Cut a whole in a box….?

    1. this is such a simple fix for teh hack… all google has to do is use a patterend blink method. in other words when you take your initial photos, eyes open, then eyes closed, then photos of a certain eye blink patter. ” left eye open, left eye closed, right eye closed, left eye closed”…etc… then the pattern blink can be as un breakable as the pattern unlock,, ATTENTION GOOGLE, PATENT THE EYE PATTERN UNLOCK METHOD I JUST MENTIONED ASAP BEFORE CRAPPLE DOES!…heck.. maybe ill patent it and sue google on next release

      1. Thats not a bad idea really…

    2. Umm, Cut a whole what, in a box? Oh wait, you must have meant ‘hole’..

  6. sounds like a lot of work to do instead of just rooting the phone and making a system dump

  7. I never understood this whole point of “screen unlock can be hacked.”
    If someone had a picture of me, I’d be more worried of that than them stealing my phone…

    1. If your phone has a SD card and you have photos on it they have your picture and can get to it easily :|

      1. Umm, are you sure.. I have hundreds of pics on my phone, not 1 is of me.. Since when is a camera all about taking photos of yourself.? I thought it was more-so for capturing memories and moments, not, ‘heres how i look today’… Now my brothers phone, thats got pictures of me.. :P

        1. Okay well I’m sure a majority of people have at least 1 clear picture of themselves on their phone. I think its weird you don’t have at least 1 picture of yourself

          1. Yep, if Im in the picture, normally someone else is taking the pic.. If the pics are on my phone, then Im the one who took the picture, as I dont let ‘anyone’ touch my phone.. Maybe its just a Teen thing, cuz my cousin takes plenty of pictures of herself w/ her phone.. I dunno.. But now, my actual camera, camera.. Ive had shots taken of me, esp during hunting, of me and my kills..

          2. A teen thing? Maybe people just aren’t as paranoid about their phone as you are and actually let people take pictures of them with their phone, because pretty much everyone I know that uses their phone to take pictures has at least one of themselves. I think your in the minority here…

  8. Better than my method, I tried printing a pic out, cutting a hole in the eyes and then looking through it and blinking. Needless to say, it didn’t work.

    1. I saw someone say that on YouTube. Was that you? LoL!!

    2. Maybe using one of these spy camera apps when the person is using your phone and then use it to bypass the liveness check of this guy’s phone…

  9. Because there are people who just happen to have the tools to go and just create a simple animated pic of you blinking? its sufficient enough maybe this is just to show proof of concept but with this method people are way less likely to hack you. At the end of the day if people wanted to hack you they will by any means if the people you are around are that untrustworthy, you then have big problems

  10. Ok… So now this perpetrator has a photo of you and slightly decent image altering skills. What’s next? Face Unlock stops random people from getting into your phone, not your friends.

    I’m sure Face Unlock is actually the most secure if your phone gets lost. Because if they don’t know how you look, they can’t crack the code. You can crack a password and pin number, but good luck finding how the person who owns the phone looks like.

    Wii’re not going to talk about the fail the FBI had when trying to unlock that dudes phone when he had pattern unlock. HaHa!1!1

  11. Ummm they have your phone your pics would be in it ditry bags could figure it out if they wanted

    1. My first response to this was “they don’t have the photos because they haven’t broken into your phone yet.” However, I realized that photos are stored on the sd card, which can be easily removed and read. Unless… the sd card is INTERNAL! Which means that phones without sd cards – like my Galaxy Nexus – are cleverly designed that way FOR SECURITY REASONS!

      Or not.

  12. Face unlock is something I use for ease of use it keeps casuals out of my phone, like kids, girlfriend etc. It is not and never will be a serious security measure.

    That said the performance that was a bit of an issue of the s2 is greatly improved on the s3 making it bareable for daily use, obviously still a pain in the butt in bad light but overall better than pattern for speed and security.

    If you want much better security you need a really tough passphrase and full encryption, but do you really want the trade off on a phone?

  13. What about a fingerprint reader?

    1. Motorola has this inside the power button (on Atrix). Google should give it some value…

      1. Had no clue any phones had a fingerprint reader/scanner.. I had to look this up.. Wow.. The Bionic is almost the same and it lacks a scanner.. Dang.. Im missing out on something I didnt know existed on a phone yet… So wait.. I have a thought.. Apple will add this to the next iPhone and sue motorola next year.. /s

        1. Yeah, it worked really well on the Atrix. I never had a problem with it!

Leave a reply

Your email address will not be published. Required fields are marked *