When Samsung announced the Galaxy S8 and Galaxy S8 Plus just the other day in New York City, they unveiled a phone that we had mostly expected given the leaks beforehand. While the phone is incredibly exciting to say the least, and sports a design that’s wholly different from what we’ve seen from Samsung in a number of ways, it features some interesting ways to unlock the phone that we didn’t expect to see again: facial recognition. At the conference Samsung touted the security of their new facial recognition unlock method, however if one blogger’s experience is anything to go by, the new method is anything but secure.
In the sourced link below you’ll find the user, Marcianophone, showing off the facial recognition abilities of the new Galaxy S8 on Periscope at the Samsung event the other day. After setting up the phone to unlock by seeing his face, he took a selfie with another Galaxy S8 in the room. It took some finagling, but after a few tries he actually seems to have gotten the selfie to unlock his phone, making the Galaxy S8 think it’s his face instead of just a picture of his face. This same trick was used back in the Android 4.0 days when Google originally launched the facial recognition unlock, giving users the option to use their face instead of a pass code. Google later hardened its security by asking users to blink once the face is recognized, theoretically eliminating the possibility of using a picture of someone’s face to unlock the phone.
It’s possible that Samsung will amend the feature before the official launch on April 21st this month, or at the very least give users a warning when enabling the feature for the first time. As of now the facial recognition unlock is the only method that cannot be used to authenticate with Samsung Pay, which is a relief given how many payment stations Samsung Pay works with at this point in time. Users can still utilize the ultra secure Iris Scanning or Fingerprint Scanning methodologies to unlock their phones and use as payment verification methods, both of which have been proven to be secure.