Galaxy S8's facial recognition system is easily fooled by a photo

31 March 2017

Aside from the (badly placed) fingerprint sensor and the iris recognition system, Samsung's new Galaxy S8 and S8+ also come with a third biometric authentication option: facial recognition. So far so good. But if you expected this to be any better than similar efforts from many, many years back... well, get ready to be disappointed.

Like the Face Unlock feature Google added to the Ice Cream Sandwich release of Android way back in 2011, Samsung's new facial recognition system can be easily fooled by showing it a photo of the person that has set up his or her face as trusted. The proof is in the short video below.

Interestingly enough, after Google's Face Unlock proved easy to compromise, Samsung released its own interpretation of the feature which required blinking before unlocking. This was in 2012, mind you, so we're not sure why the Korean company seemingly forgot about that in the meantime.

Anyway, note that the blinking requirement makes such systems a tad better, but they can still be defeated by using two photos: one of the person with eyes open, and the other with eyes closed, and quickly switching between the two when trying to unlock. It's a bit more complicated than what's shown above to have worked on the S8, but still doable.

So a word of advice: don't consider facial recognition to be on par, security-wise, with the iris scanner or fingerprint sensor. You might regret it if you do.