Samsung's latest Galaxy S10 might be our favorite phone right now, but you might want to be a little bit careful when it comes to setting up lockscreen security on it. Right now, you can fool it with a video of yourself played back on another phone, or even just a photo. In at least one case, even siblings have been able to trick it.
Both The Verge and Lewis Hilsenteger (Unbox Therapy) were able to trick the S10's face recognition tech with a video played back on another phone. In Hilsenteger's case, this was notably on a device smudged with fingerprints and dust, held only a couple of inches away. There should have been plenty of indirect cues there — focus distance, sufficient resolution to see pixel-level details, overlaid static features — to indicate that something might be off, but the S10 paid such details no mind.
Italian tech outlet SmartWorld was able to fool it with a static image, as well.
Apparently S10+ thinks we look the same
But we don't...? pic.twitter.com/COAS9QJodK
— Jane Manchun Wong (@wongmjane) March 9, 2019
You may not even need a photo or video to trick the S10's facial recognition tech. Jane Wong, of great social app teardown fame, was able to fool her brother's recently purchased Galaxy S10 with her own face; a mere family resemblance was reportedly enough to confuse it.
By default, the Galaxy S10 enables a "faster recognition" setting for face unlock that explicitly states it decreases your security for added convenience, so presumably it was on in most of these cases. (Update: The folks at SmartWorld let us know they had this setting disabled in their tests with the photo, oof.)
These types of 2D face unlock are known to be insecure — remember last year's OnePlus 6 unlocking to photos, the fake 3D printed heads, and Jelly Bean's "liveness check" blink-circumvention? If you really care about your security, you shouldn't be relying on camera-based systems. At least, unless they're a bit more advanced, like the S9's iris scanner, or Apple's Face ID.