Over the past weekend, social media platforms were flooded with videos showcasing how unsecure Samsung’s latest Galaxy S10 is when using its face unlock system for unlocking the device.
From popular YouTubers to the tech media, the internet was overflowing with articles and videos showcasing how Samsung’s not-so-secure facial unlock system can be fooled by feeding it with a photo or video, it also doesn’t seem to be able to tell siblings apart.
Samsung Galaxy S10 face unlock system can be fooled
The Samsung Galaxy S10 and the S10e both use a single front-facing camera.
The cameras can just read 2D data (mainly photos) without checking for a depth map of your mug, which also makes it easy for someone else (family, friends, annoying office colleagues, Apple fanboys and thieves) to use a photo or a video to unlock your smartphone.
Samsung’s not the only smartphone manufacturer to offer this “unsecure security feature”.
When asked, most smartphone brands told us that despite being unsecure, face unlock is only in place for convenience, in case you find the fingerprint reader slow or have small hands and find it hard to reach at the back. This applies to everything from budget Redmi phones to the more premium OnePlus 6T.
This is also why Android apps still use fingerprint authentication for banking transactions and unlocking apps. Indeed, everything from a Rs 7,999 Xiaomi Redmi 6 to the Rs 83,000 Pixel 3 XL still uses the capacitive fingerprint reader as a more secure method to unlock your device.
Most manufacturers even put up a disclaimer when you register your face, and most will state that the fingerprint reader is a secure alternative.
But hey, you can also fool Apple’s Face ID
But enough with the S10 and S10e, a recent case even showcased how a security researcher was able to unlock her brother’s Galaxy S10 Plus (dual front-facing cameras) using face unlock. There could be several issues here, including the fact that the software can’t tell between faces with genetic similarities (in terms of how Samsung’s algorithms interprets the 2D data). That being said, it is quite difficult to fool the dual front-facing camera setup on the Galaxy S10 Plus with a photo or a video.
Having reviewed the Galaxy S10 Plus, I was not able to test the face unlock system out with twins (not that I have one) or siblings. But I’d like to point out how Apple’s Face ID is also not 100 percent secure.
Apple’s Phil Schiller’s claimed that the probability of a random person accessing your iPhone using Face ID is 1 in a million (it’s 1 in 50,000 for Touch ID).
Despite being a 3D facial recognition system that uses cameras and lasers to throw and interpret light patterns, it has been fooled several times not just by twins, but also by office colleagues and even by a mother and a son. However, Apple did attribute the same to a training process, which as experienced with my daily driver, the iPhone XR, does get smarter and better with time.
Apple notes that Face ID attempts to learn from its mistakes — when Face ID fails and you have to enter a code. In theory, if a person with a face that’s similar to yours uses it in the learning phase, Apple’s algorithm might merge that person’s attributes into yours as well.
Galaxy S10 users really don’t have much of choice
Sadly though, most Samsung S10 users may end up logging into their smartphones using their faces.
The ultrasonic in-display fingerprint reader does not have a high success rate at recognising fingerprints. You have to add the right amount of pressure and more importantly, find the right spot to place your finger (especially when the phone’s lying flat on a table with no marker).
To make things worse, the new Galaxy S10, S10e and the S10 Plus only offer one form of secure biometric authentication, and that is the ultrasonic in-display fingerprint reader.
Unlike the previous flagships, Samsung got rid of the iris scanning technology, possibly because it occupied too much space and came in the way of their bezel-less smartphone dreams.
Samsung’s biggest problem with the S10 and S10 Plus is its fingerprint reader, which is just not consistent when it comes to performance and leaves users with no choice other than to use an unsecure face unlock system that’s easy to spoof.