Bleeping Computer – by Catalin Cimpanu
Even before its official launch, smartphone experts are criticizing Samsung Galaxy S8 phones after one of their colleagues managed to bypass the facial recognition feature that ships with these phones by flashing a photo of himself in front of the phone.
In terms of bypass techniques, facial recognition systems getting fooled by photos is as bad as it gets, right there with storing passwords in cleartext.
The flaw was spotted by Spanish phone expert MarcianoTech, who was testing the device at its official launch, at the Unpacked event that took place yesterday in New York, USA.
The phones expert was actually live on Periscope when he first tricked the S8 with a photo of himself, shown via another device. The YouTube video above shows just the S8 facial recognition bypass.
Samsung launched the S8 with many new security features, such as an iris scanner and a fingerprint sensor. MarcianoTech didn’t attempt to fool the iris scanner with a photo of his eye but expect such tests in the following days. Experts believe the same flaw affects the S8+ model.
As said before, tricking a face recognition feature with a photo is a big no-no, as this is the first thing developers of biometrics software makers test. If a facial recognition feature can accurately distinguish between individuals, the next test is usually the one for image depth, as not be fooled by 2D images.
I’ll bypass it by not buying any phone that includes such features. A password works just fine.