29 Jun

Face Unlock, a security feature introduced with Ice Cream Sandwich, while a fun concept, proved vulnerable to trickery. Specifically, the unlock method would recognize photos of your face as if they were your real face. Another issue with Face Unlock was that it ostensibly never locked users out after numerous failed attempts.

Looking to address these issues, Google did a bit of tweaking to Jelly Bean's Face Unlock. Namely, FU now features a "Liveness check" option which, as the name suggests, makes sure you're a real, live person before unlocking your device. It does this by asking the user to blink during facial recognition. As we all know, photos can't blink, so in theory this should enhance the practical security of Face Unlock.


Jelly Bean's Face Unlock will also lock users out if facial recognition fails too many times in a row. Once this happens, the user cannot get back to Face Unlock by simply hitting the power button a couple of times; instead, the user must complete the alternate unlock method they selected when setting up FU.
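The lockout behaviour described above, modelled as a small state machine. This is an added example, not Android's code: the threshold of 5, the class and method names, and counting a matching face with no blink as a failed attempt are all assumptions.

```python
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 5  # assumed value; the article only says "too many times"

@dataclass
class FaceUnlockPolicy:
    liveness_check: bool = True
    failed_in_a_row: int = 0
    face_unlock_disabled: bool = False

    def try_face(self, face_matches: bool, blink_seen: bool) -> str:
        # Once locked out, face attempts are ignored entirely.
        if self.face_unlock_disabled:
            return "fallback_required"
        # With the liveness check on, a matching face is not enough: a blink is needed.
        if face_matches and (blink_seen or not self.liveness_check):
            self.failed_in_a_row = 0
            return "unlocked"
        self.failed_in_a_row += 1
        if self.failed_in_a_row >= MAX_FAILED_ATTEMPTS:
            self.face_unlock_disabled = True
            return "fallback_required"
        return "retry"

    def screen_off_on(self) -> None:
        # Power button press: deliberately leaves the counter and lockout untouched.
        return None

    def try_fallback(self, credential_ok: bool) -> str:
        # Only the alternate unlock method (pattern, PIN, ...) clears the lockout.
        if not credential_ok:
            return "fallback_required"
        self.failed_in_a_row = 0
        self.face_unlock_disabled = False
        return "unlocked"

def replay_photo(policy: FaceUnlockPolicy, attempts: int) -> list:
    """Constructed input: a photo that matches the face but never blinks."""
    results = []
    for _ in range(attempts):
        results.append(policy.try_face(face_matches=True, blink_seen=False))
        policy.screen_off_on()  # cycling the screen between tries changes nothing
    return results
```

With `liveness_check=False` the same photo input unlocks on the first attempt, which is the Ice Cream Sandwich behaviour the article describes.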


With these tweaks, Face Unlock should be a bit more secure, though the "liveness check" feature reportedly reduces FU's quickness and accuracy, probably because it has to find a set of eyes and detect a blink on top of looking at the rest of your face.

Those lucky enough to be running Jelly Bean need only set up Face Unlock as usual and check the "Liveness check" box at the end to make FU just that much more secure.

Liam Spradlin
Liam loves Android, design, user experience, and travel. He doesn't love ill-proportioned letter forms, advertisements made entirely of stock photography, and writing biographical snippets.

  • Alan

    The Liveness check should be mandatory not optional!!!

    • skatsbrayt

      Totally agree. Though Google may have left an option for it for those who just want FU for show and tell/gimmick so they can experience faster unlocking.

      • http://jeremyperez.com Jeremy

        In my experience, face unlock isn't faster than pattern at all. I could have my phone unlocked before the camera loaded in the image of my face. (This is on a GNex.)

        • skatsbrayt

          I'm not saying faster than pattern or password. I'm saying faster face unlocking against the one with liveness check.

  • PacoBell

    I know a rather simple way to circumvent the liveness check. People have been doing the same with puppets for ages. 

    • http://twitter.com/andr3wjacks0n andrew jackson

      So someone is going to make a realistic puppet of someone's face, complete with blinking eyelids just to unlock a phone?

      • http://www.androidpolice.com/ Artem Russakovskii

        I loled. Also it now locks you out of Face Unlock after a few attempts.

      • Chris

        If someone did I feel sorry for the human race.

      • PacoBell

        It's not that hard. These are the same people that used photos of people to spoof face unlock. I can imagine cutting out the eyes and maneuvering another strip of paper behind it with images of the eyes open and closed respectively. Again, "realistic" is relative to the robustness of the sensor perceiving it. 

        • J Rush

          Yeah, but who's going to take the time to do all of that just to get into a phone? You talk about being realistic, but that's about as realistic as Space Invaders.

          • PacoBell

            You give a lock to a hacker and say it's impossible to crack: challenge accepted! Why do we do a lot of things that seem pointless? For the lulz, obviously. Sheesh. 

          • http://twitter.com/turbosix turbosix

            this is also assuming a couple things:
            1. the person that has your phone knows what you look like
            2. the person that has your phone has a picture of your face head on
            3. the person that has your phone has a color printer.

          • PacoBell

            We live in an ostensibly paperless society. Use your imagination. We will all soon have the option to have cameras mounted to our heads 24/7. We all carry mobile displays already. You figure it out. 

        • fixxmyhead

          damn u freaking swear like someone is gonna go through all that trouble just to unlock a phone. be realistic

          • PacoBell

            The point is this method of unlocking phones is even more vulnerable to attack than the old pattern unlock. Like I mentioned earlier, it's trivial to animate a static image so that it's no different than reality to a "cheap" sensor. If that's all you've got protecting your device, then it's a false sense of security. Of course, it all depends on the value of the assets you have stored on it. Maybe you've got some enemies who'd like to stick it to you by purchasing that $200 vuvuzela app through your account?

          • http://cassidyjames.com Cassidy James

            @PacoBell:disqus that's why you put a pin on your Google Play purchases. ;)

          • PacoBell

            @Cassidy James Now THAT'S proper two-factor authentication! Would be better if the attacker were not able to get even that far, but it does mitigate the fiscal damage that can be wreaked. Btw, I absolutely LOVE Google Authenticator. Best security idea ever!

      • http://twitter.com/LH Luke Hutchison

        Just print a life-size picture of their face, cut out the eyes, and use your own eyes to blink. This would make for an awesome YouTube video if somebody with more time than me wants to make it.

    • http://www.facebook.com/chris.sanner Chris Sanner
    • Leonid Podolny

      Or just a video

      • http://www.androidpolice.com/ Artem Russakovskii

        You'd have to have a photo of someone staring and blinking - chances that a thief would have this if you lose your device are pretty much nil. Either way, Google says it's a feature that reduces security - your pattern lock won't protect you much either if a person knows what they're doing.

    • fixxmyhead

      lol vuvuzela app

  • http://twitter.com/andr3wjacks0n andrew jackson

    Useless for me because it won't be able to see through my glasses.

  • Chris

    Still a useless feature. If you can't keep your phone with you then you shouldn't own one in the first place!

    • http://twitter.com/andr3wjacks0n andrew jackson

      So you have never lost anything...ever?

      • Chris

        sure I have, but nothing expensive....

    • http://www.androidpolice.com/ Artem Russakovskii

      Cause nobody ever steals anything.

      • Chris

        unless you get mugged and get the shit beaten out of you or get too drunk and leave your phone at some bar your phone should be with you at all times. 

        • J Rush

          I don't even understand the first two...the last one is a tad more realistic, but even then if someone finds it they'll probably steal it.

        • http://www.androidpolice.com/ Artem Russakovskii

          You just listed two perfectly feasible situations. I can think of more.

        • Follower

          "or get too drunk and leave your phone at some bar"

          That's how the iphone 4 leaked :)

    • http://halljake.com Jake Hall

      It's not really useless. It's appealing because it's somewhat gimmick-y, sure, but I think it provides a nice level of security between 'no one can know my secrets ever!' and 'oh shit my friend just updated my status while I went to the bathroom'

    • skatsbrayt

      So, when I'm in my office, and decide to go to the bathroom for some reason, I should still bring my phone or tablet with me? Is that your point?

  • http://www.facebook.com/profile.php?id=1745689461 Hal Motley

    I think Face Unlock with these features is definitely on the way to becoming a reasonably reliable way of locking your Android device from being an Ice Cream Sandwich gimmick.

    I still stick with the good old pattern lock as my preference, even since my iOS (thanks to an awesome Cydia tweak) days.

  • http://twitter.com/TheGermian Germian

    FU is a very... unfortunate abbreviation :)

  • Freak4Dell

    I'm waiting for Face Unlock to become more integrated. Might be pretty cool to have it open up a different profile on the phone (or more likely, tablet) depending on who it's unlocked by. Maybe even a guest mode or something for faces it doesn't recognize.

  • Theghostlywriter

    Security is nice and all, but I wish my face unlock worked better to recognize me and not lock me out.

  • siypion

    What's next, sound unlock, "Hi galaxy/ open sesame"

    • BkChandan

      That'd be fun.

    • Nicholas Loomans

      That would be very cool. It would have to know your voice, though, ofc. I would love to ask my phone if I have any notifications, or what the time is.

  • Arwah Pak Mat

    what about sex unlock????come on google....hehehe
