‘Liveness Check’ in Jelly Bean’s Facial unlock can be spoofed, with some effort
Google responded to security complaints about the Facial Unlock feature introduced as part of Ice Cream Sandwich by implementing a “Liveness Check” in Jelly Bean. Simply, the added layer of safety is designed to prevent the ability to spoof the lock method using a photo of the phone’s owner by requiring the user to blink. Well, getting around the new measure isn’t all that difficult, but does require a bit more work than the previous implementation. Step one: shop a photo of the phone’s owner so as to make their eyes appear shut. Step two: cycle between the two images on a computer screen.
As we have said before, Face Unlock remains a neat party trick, but there still remains a need for further refinements before it becomes a go-to unlock method.
[via AndroidPolice]