Clarification on the Ice Cream Sandwich Face Unlock video

Posted:  November 12, 2011   By:    30 comments   


UPDATE: The person manning the camera is Aman Firdaus from Amanz.my. He saw us doing the test a few times using the picture and face. He’s given permission for us to mention him here. Hopefully that will help clear some doubt. Thanks Aman!

UPDATE 2: Check out the response from Android Chief Designer Matias. Our Face unlock test was successfully repeated as well. Watch it here.

At the Samsung Galaxy Note regional launch in Jakarta last week, we had some hands on time with the yet to be released Google Galaxy Nexus and we got a question from @yauhui via Twitter asking if the Face Unlock feature in Ice Cream Sandwich can be tricked to recognise a picture of a face instead of an actual face. And so we went to test this out. We showed a Galaxy Nexus that has been setup to recognise an actual face. Then we showed the device a digital image of the same face but it was displayed on the screen of the Galaxy Note that we have on hand to see if we could trick Face Unlock to recognise the picture as well.

We took a video of this test and it went viral. We uploaded the video on November 9, and it currently has over 41,000 views and is featured on some of the most prominent tech sites in the world like TheNextWeb, Gizmodo, Huffington Post, TechCrunch, CNet, Phandroid, and Android and Me to name a few. The video was even featured on Yahoo! News globally. Our favourite is this one headline — “This Guy Just Exposed A Major Security Flaw In Ice Cream Sandwich”.

But the global coverage for our video is besides the point. What’s even more important is clarifying to everyone that the test — and the video — is not a trick. Some believed that we had programmed the Galaxy Note to recognise the picture and not the face. We must stress that this is not the case. The Galaxy Nexus in the video was the exact same unit we used to do our hands-on video where we originally set up the device to recognise a face and not a picture of a face.

Also, while we were doing the test, there were a few people watching including some of bloggers from the Malaysian contingent that went to Jakarta to with us for the regional launch of the Galaxy Note and a few reps from Samsung Malaysia and Samsung Indonesia. We did a couple of takes before deciding on the final video and those who were there saw that the phone recognised both the face and the picture of the face.

It is a great pity that we didn’t record this. Just that one simple action of showing the device recognising a face and a picture of the face in the same video would convince everyone beyond a doubt that the test is real, but alas, we forgot do it. We hope that those who were there and saw us doing the test can comment to confirm that this test is legit and that the Face Unlock feature can be defeated by a picture. If anyone reading has a Google Galaxy Nexus, please try the test out for yourselves and do share the video with us, we will more than happy to link to the video here.

More importantly is that we proved that it is possible to use a picture to unlock the Galaxy Nexus using Face Unlock. This is important because the Koushik Dutta, a CyanogenMod developer, asked the same question just last month and Time Bray, a Developer Advocate at Google who is focusing on Android, replied that it was not possible to use a picture with Face Unlock.

Though, in all fairness, Google did mention that Face Unlock is less secure than a pattern, pin or password and that someone that looks similar to you could unlock your phone. So essentially, Face Unlock is very similar to slide to unlock but a bit more secure, though not as lock tight as a password.

Having said that, we like Face Unlock. We like that we can just look at the Galaxy Nexus and it will unlock. Perhaps Google can make Face Unlock as an additional security measure. For example, before you can access the pattern unlock, the device needs to verify you with Face Unlock first. Or you can add a password feature to company the picture, so after the device recognises your face, it asks for a password that you must enter. To speed up the process the device can give you options that you just tap instead of needing to key in the password character by character.

What do you think about Google’s Face Unlock feature?

Here are some of the sites that featured our Face Unlock video:

  • Android 4.0 Face Unlock feature defeated using a photo [Video] — TheNextWeb
  • Android’s New Face Unlock Feature Fooled by a Picture — Gizmodo
  • Yes, Android’s New Face Unlock Feature Can Be Fooled With A Photo — TechCrunch
  • Face Unlock Tricked: Man Unlocks Galaxy Nexus Using Picture, Exposes Android Flaw (VIDEO) — Huffington Post
  • Digital image can dupe Android face-based lock — CNet
  • This Guy Just Exposed A Major Security Flaw In Ice Cream Sandwich — Business Insider
  • Face Unlock fail: Galaxy Nexus unlocks with a photo of your face (video) — Yahoo! News

Thanks everyone for updating us on the coverage and thanks so much for the support!

Related Posts with Thumbnails


Android, Galaxy Nexus, Mobile Devices, Mobile OS, Video
, , , , , , , , , , , , , ,
Wanna say something?






 

30 Comments for Clarification on the Ice Cream Sandwich Face Unlock video

Foo

To a camera, a picture of a face, or an actual face does not make a difference. Facial recognition identifies the eyes and chin and lips of a face. If those features are present in an image that is presented to a camera sensor (technically anything/everything is an image to a sensor), it will read it.

Weird how people jump on the bandwagon to say that the GNex was set up to recognise a picture. Again, technically it makes no difference.

Someone did say the security can be reinforced by setting up the facial recognition to recognise a face with a certain expression that only the user can reproduce, and not present in any photo. Worth a try.

Great job Soya CIncau for catering to queries by readers!

    ABC nCendol Malaysia

    Foo, i am strongly agree with your statements " Facial recognition identifies the eyes and chin and lips of a face. If those features are present in an image that is presented to a camera sensor (technically anything/everything is an image to a sensor), it will read it. "

    I think that Android 4.0 Facial recognition already was design with high precision and intelligent algorithms, but it is reality that to a digital camera. May be can download the application from link (software2Tech.com) below and try it on your PC.

    Download Link: http://software2tech.com/2011/11/12/why-android-4

Jon Lim

ya… i have an alienware laptop where it also uses the webcam to recognize the face to unlock the laptop during windows login… it's called alien sense… if my family wanna use it, they just show the laptop my picture and it will login to windows… the tech just isn't there to differentiate between a pic and a real face… so i was thinking will the same problem surface using face unlock, and there you showed it to us. it's worth noting that the time it took to recognize a face was much faster than my laptop, and also google admitting that using face unlock is much more insecure than using pin… i think it's just to showoff really… just like my laptop… haha

mambang

what is face unlock?

    Harry Tang

    READ, if u can

      mambang

      i read dy. never say. don't be so like aunty

        Peter

        That means you are too dumb to understand simple english.

          Anon

          Y U FEED TROLL?

          mambang

          troll?

faris

SoyaCincau!you've done a great job!well done,,*if the international blogger know what is the meaning of soyacincau,they will have no idea it is actually a tech blog* i'm proud to be one of your fans,you make malaysians proud soyacincau!

CwT

Until 3D camera has been implemented for facial recognition, I guess we wont be seeing a system that is able to distinguish between an actual face and a flst face printed on a surface.

Though it is sad to see there are fandroids thst actually protested against your test. Common sense depicts that facial unlock will work not only on an actual face.

    Dan

    Hardcore Android fanboys butthurt. I tot they should be smarter. Camera only shoot 2D of course it cannot tell the difference between face and photo. This is the similar technology as character recognition used in scanner all the time. Don't forget even thumbprint scanner can be fooled with photocopy.

Maximillian Frenky

Nice Soya Cincau,
I hope people not misunderstand the technology how it work.

Soon

Phone arena reported your article too ;) http://www.phonearena.com/news/Video-shows-Face-U

Waris Amir Mohammad

This article was quoted in The Verge just now. That's quite an achievement.

Soon

Phone arena reported your article too ;) http://www.phonearena.com/news/Video-shows-Face-U

ISheep

snarky john gruber too in his blog Daring Fireball. Its inevitable given his anti Android slant.

    -ym-

    Don't feed the trolls. Don't even mention him or his 'blog'. The sooner we get him off the Internet the better.

Toys

Hey, your video appeared in business insider: http://www.businessinsider.com/ice-cream-sandwich

Good job!

Stryker

Yep, caught it on Daring Fireball and The Verge too. Cool stuff.

Guest

Your video is in GSM Arena as well!~

matjoe

haha, tahniah wajah kacak mu ditonton di seluruh dunia.

Karl Doe

I think people are not obligate to use their "face" to lock the phone. If it works with a face, then it can works with any type of object ! You can lock your mobile with an object or a part of your body that can't be hijacked lol :p
Who said computer can think ? They can only compute… for now :)

    Rudolf Geschenkideen

    Thats a great idea! But maybe it is still looking for "face"-features and does not work if you train it for the picture of your ear. But of course you can train it with the picture of your girlfriend. (Real or wishful thinking :-) )

justine

congrats on being featured in all the mahadewa tech sites. awesome!

abutius

lu ada dalamm wired baiiiii

Rudolf Geschenkidden

Your story has made it to Austria/Europe. Congratulations! http://diepresse.com/home/techscience/mobil/andro

It is logical that the device cannot recognise the difference between your face and a picture. I think it is really just a useful feature for unlocking and no security feature.

@joshuatj

Mashable mentioned this article http://mashable.com/2011/12/15/googles-galaxy-nex

Bondai Razali

security flaws? i dont think so..
its just another way to unlock ur phone.. which i think is cooler than the normal "slide to unlock"… which has no extra security either…
so thumbs up to Google for coming up with this feature before Apple did… hehe..

andrew

sweet. Just got mine unlocked from http://www.unlockscodes.com/ off to china next week. cant wait