Samsung's Galaxy S8 facial recognition feature defeated with digital photo

in General Discussion edited March 2017
Samsung with its Galaxy S8 introduced a new device unlock feature based on facial recognition software, but it seems all it takes to bypass the low-level security layer is a photo of a registered user.

As seen in the video below, YouTuber Marcianotech was able to spend some time with the Galaxy S8 at Samsung's launch event on Thursday. After a few minutes of playing with the device, he was able to successfully defeat the handset's facial recognition function with a picture of his face (captured on another S8 no less).

It seems that Samsung's biometric security feature relies on image fingerprinting or similar methods of recognizing prominent features in a captured image. These techniques use complex algorithms to measure the size, shape and distances between a user's eyes, nose, and mouth, as well as other identifying facial features.

Since such systems use common 2D cameras, they can be defeated using 2D images. There are, however, technologies that help bolster 2D facial recognition solutions. For example, facial motion capture might be applied to detect whether or not a target face is moving, bettering the chances that received imagery depicts a live human face rather than a photo or video.

In any case, it appears the facial recognition software built into Samsung's S8 and S8+ does not incorporate safeguards beyond industry standard 2D image fingerprinting.

For its part, Samsung in a statement to ArsTechnica said its new facial recognition feature only controls device unlocking and is not applied to more sensitive tasks like mobile payments or accessing the handset's Secure Folder.
The Galaxy S8 provides various levels of biometric authentication, with the highest level of authentication from the iris scanner and fingerprint reader. In addition, the Galaxy S8 provides users with multiple options to unlock their phones through both biometric security options, and convenient options such as swipe and facial recognition. It is important to reiterate that facial recognition, while convenient, can only be used for opening your Galaxy S8 and currently cannot be used to authenticate access to Samsung Pay or Secure Folder.
Still, with Samsung marketing facial recognition as a security feature, users could be expecting a bit more from the new functionality.

Perhaps not coincidentally, Apple is also rumored to debut some form of facial recognition technology in its upcoming "iPhone 8" smartphone later this year. According to KGI analyst Ming-Chi Kuo, Apple's version is believed to integrate specialized IR transmitters and receivers to accomplish enhanced 3D sensing and modeling capabilities, or depth mapping. The system should provide a more accurate representation of a user's face as compared to conventional 2D systems.

As AppleInsider explained earlier this month, however, it is unlikely that Apple intends to replace existing Touch ID fingerprint authentication with a face-based biometric solution. Because face-based technology is still being refined, Apple's facial rumored facial recognition system will likely power ancillary, opt-in functionality, while Touch ID handles critical tasks. At least in the near term.


  • Reply 1 of 117
    red oakred oak Posts: 934member
    "Only controls device unlocking".  LOL
    StrangeDaysSpamSandwichrepressthisjbdragondysamoriaanton zuykovgilly017tallest skilwatto_cobra[Deleted User]
  • Reply 2 of 117
    magman1979magman1979 Posts: 1,254member

    And to top it off, Scamsung give a deflection about the security instead of acknowledging they screwed up, yet again!

    if I spot anyone using this in the wild I'll immediately point this out to them and see if they'll be stupid enough to continue using it afterwards...
    capasicumirelandMacsplosionSpamSandwichrepressthisjbdragonanton zuykovgilly017Mal_Rwatto_cobra
  • Reply 3 of 117

    And to top it off, Scamsung give a deflection about the security instead of acknowledging they screwed up, yet again!

    if I spot anyone using this in the wild I'll immediately point this out to them and see if they'll be stupid enough to continue using it afterwards...
    Even better, bet them $5 that you can unlock their phone in 30 seconds.  Take a photo of them with your iPhone and voila!  

    Too bad Apple is above doing something like that in a TV ad :smile: 
    edited March 2017 chiacapasicummagman1979SpamSandwichrepressthisjbdragonwatto_cobra[Deleted User]
  • Reply 4 of 117
    tundraboytundraboy Posts: 1,824member
    Oh, Samsung! 
    jbdragonanton zuykovwatto_cobracornchip
  • Reply 5 of 117
    mobirdmobird Posts: 695member
    First to market, first to fail.
    brucemcroundaboutnowcapasicummagman1979irelandStrangeDaysMacsplosionrepressthisjbdragonanton zuykov
  • Reply 6 of 117
    macseekermacseeker Posts: 521member
    You're killing me AppleInsider. STOP IT!!! I'll have my next-of-kin send you the funeral bill.
  • Reply 7 of 117
    bluefire1bluefire1 Posts: 1,216member
    So Apple isn't doomed after all?  ;)
  • Reply 8 of 117
    EsquireCatsEsquireCats Posts: 1,243member
    Weaker forms of biometric ID can form an excellent basis for features such as a passive security layer that can intelligently lock the device and log its location. The AppleWatch intelligently uses biometrics to determine when to lock the device. Including altering these for specific use scenarios.

    A combination of biometric IDs can also form a strong identification system, e.g. Efforts to break touch id can be halted by additionally checking for the owner's face. Or pass code attempts can be rejected if the phone hasn't seen its owner in a period of time. Instead Samsung has compromised security by granting more access to singular, weak forms of biometric identification. Utter stupidity with zero foresight, and a strong indication of what development is like inside Samsung.

    If (rather when) the iPhone removes the home button, you can be sure that the sensor won't be moved to the back of the device, but rather use a technology that reads it through the fingerprint through the screen.
    What Samsung is doing here is just trying to make their phone look like what Apple is rumoured to be producing - even though it's compromising their user experience to achieve this. From launch Samsung conceded that Samsung pay would still require use of the now oddly placed finger print sensor.

    In their pursuit to make the S8 look as apple-like as possible, we see that Samsung has even aped the iPhone 6 wallpaper, big white billboard advertising style, round+polished finish and further altered apps to look even more like iOS.
  • Reply 9 of 117
    brucemcbrucemc Posts: 1,541member
    Where is the face palm emoji when you need it!
    macseekerMikeymikecapasicummagman1979airmanchairmananton zuykovwatto_cobra
  • Reply 10 of 117
    After Google had this issue with Face Unlock 5 years ago, you'd think Samsung would have done something to prevent this. I mean, it's not like we didn't go through this all before.
  • Reply 11 of 117
    ravnorodomravnorodom Posts: 498member
    Nice! It gives Apple the chance to perfect their facial technology. Apple's facial technology is going to blow Samsung out of the water.
  • Reply 12 of 117
    horvatichorvatic Posts: 144member
  • Reply 13 of 117
    jd_in_sbjd_in_sb Posts: 1,600member
  • Reply 14 of 117
    cornchipcornchip Posts: 1,902member
    This is beyond LAME. Guarantee Apple's facial recognition tech will incorporate 3D reading of some sort to differentiate it from a 2D photo. 

    EDIT:: Guess I could have read the entire article first...

    Although, one thing the article does skim over is whether or not this tech can be used in conjunction with / in addition to the fingerprint sensor, as opposed to either/or, which, I imagine it can be. So on a demo device which does not have fingerprint authentication set up, then yes, a photo will get you in, not so if fingerprint authentication is also activated. On the other hand, the devices clearly have the capability to allow solely facial recognition to unlock the device, which while a seemingly "neat" option, is clearly not a smart security policy.
    edited April 2017 watto_cobra
  • Reply 15 of 117
    The Various TLA's will be looking at this with interest. In their eyes, anything that can make access to smartphones in general easier (and cheaper) for them is a win-win.
    Because of existing US Laws, they can't force you to divuldge your passcode but they can use finderprints and optical controls without hindurance then they will be hoping that Apple introduces something on a par with Samsung.

    Whatever Apple introduces, don't use it if (including touchId) you have anything even remotely embarassing let alone incriminating on your phone/tablet.

  • Reply 16 of 117
    dysamoriadysamoria Posts: 3,430member
    Well, that was predictable.
  • Reply 17 of 117
    MikeymikeMikeymike Posts: 102member
  • Reply 18 of 117
    AkamineAkamine Posts: 8member
    Another hurried up phone Samsung? 
    irelandsuddenly newtonwatto_cobra
  • Reply 19 of 117
    konger said:
    Apple has never innovated, it only steals or buys ideas from other companies (cough Xerox, yeah, your first breath was stolen).
    I think you will have to read way more on the history of IT. Apple is the only company to get the Xerox technologies as part of a business deal. Everybody else stole it, starting with Microsoft.

    Actually, there are quite a few talks by Alan Kay on Youtube, I suggest you watch them all. What he says in brief is that all those technologies currently attributed to Xerox were 10-15 years in development, way before Xerox PARC was even established. Take a look at the Augmented Research Center (ARC) and what has been developed there.

    The rest of the claimed thefts are as real as that one.
  • Reply 20 of 117
    brucemc said:
    Where is the face palm emoji when you need it!
    Right here (iOS 10.2.1): ߤ氟ﻦzwj;♂️ߤ氟Fzwj;♀️

    Edit: Hm, doesn't seem to be supported by Appleinsider.  :/
    edited April 2017 irelandwatto_cobra
Sign In or Register to comment.