Well, well, well; it appears that Google’s Face Unlock feature in their upcoming Android 4.0 OS has been shown to be insecure. If you are surprised by this news then you are one of the few. The feature, just like many other “facial recognition” applications is built on an imperfect method for identification. But let’s not get too far into the story before we give away the plot.
Google showed off the new Face Unlock as one of the major features of Ice Cream Sandwich at the launch event. It was interesting because at the time they showed how particular it could be to facial expressions. Not that much later the question was raised about the possibility of fooling this with a digital image or a photograph. Given the commentary from Google on this feature I would have thought that someone might have replied that it was possible, but unlikely. Apparently that was not the case. After the question was tweeted, SonyaCincau decided to test this out.
According to a YouTube video the blogger went to a show where the Galaxy Nexus was on display and after setting up the Face Unlock using his own face he then proceeded to unlock the phone with a picture of himself taken on another phone. Now, the problem with this video is that we never see the original setup of the Face Unlock. All we see is the phone being unlocked using an image shown on the screen of another phone. This has led many to believe that the Galaxy Nexus was setup with the picture on the phone in the first place. I am not here to debate that; it still raises concerns about the actual feature even if the phone was used to setup the original lock.
Getting back to our point about the Face Unlock feature being incapable of being truly secure let me explain why. First of all the camera on the front of the phone is a 2D low resolution camera. It’s black point and white points are not what you would call top notch. This means that it is not capable of compositing shadows correctly or efficiently. In order to do true facial recognition you have to do something called facial mapping. This means that you calculate the depth of the facial contours using shadows (unless you are using stereographic 3D). As the camera is not capable of accurately capturing this in the first place there is no way that the software can accurately calculate the true facial contours. So all you have to do is provide a close enough image to fool the system. For those that will comment about the demonstration of this feature before take a look at the differences in the two faces used. They are very different with different outlines and even basic contours; in other words the demo was stacked to ensure that it worked properly (as most demos are).
So what do we have here? We have a system that cannot really be more than an entertaining way to “lock” your phone controlled by a technology that has a very limited capacity to even get the original image captured properly. We have some misleading comments about this feature on the part of Google and now a viral video showing it failing on a demo phone. To be honest with you, I would never put my trust in something like this in the first place. The technology just isn’t there in the phone or the OS. However, I do think that Google needs to be a little more honest about this and admit that while this can be fun to use, it is not a security feature by any means.
Source Huffington Post
Discuss this in our Forum