face scanning

Face Unlock, the feature first introduced by Android 4.0 Ice Cream Sandwich started as a wonderful, innovative idea which should have protected the smartphone from unauthorized access, based on a rather simple idea: face recognition. Unfortunately, the level implemented was rather low, with tricks being easily performed to bypass the system and Google has realized that it needs to update the algorithm in Android 4.1 Jelly Bean, but unfortunately, without any success for the moment.

How does the system work?

Well, Google implemented the Face Unlock system as a simple feature which can be configured by letting the Android smartphone scan a picture with the user or, its own face. Although the second option was rather left aside by Google in media presentations, primarily touting users to opt for a picture, it still works. Once the phone created a software image of its owner, it would compare this image with the data received when the user tries to unlock the screen, sent by the front-facing camera.

Nice idea, implemented badly

face unlock can still be hacked in android 4.1 - here’s how - facial scan 416 dc

The first issue found in Face Unlock was that the user could have easily fooled the system by presenting a picture of the owner whenever it wanted the phone to be unlocked. Google’s algorithms couldn’t spot the difference and thus, the whole system was rendered a bit useless. When hearing the news, the Internet search engine based company decided to improve its accuracy, by introducing a new update in Jelly Bean.

The improvement was also simple, but fixed almost all problems. Whenever the Face Unlock feature would have checked a face, it would make sure first that the person could blink. This destroyed the use of the picture trick, but not for those innovative.

How to bypass Face Unlock in Android 4.1

Again, the system can now be fooled. This time, it would require a bit of photo editing skills, which can be performed with most applications, even with Paint. The blinking check present in Face Unlock can be outsmarted by doing the following:

  1. Find a recent picture of the owner, that wouldn’t be so hard these days.
  2. Now “replace” the eyes by painting the area with the same color as the surrounding skin. This color can be easily retrieved from the area surrounding the nose, the one usually having the same shadows as the eyelids.
  3. Introduce a flash effect which would constantly switch between the two pictures, thus recreating the visual image of a blink.

Although Google has narrowed the range of possibilities with which their security system can be tricked, gaps still exist. It’s a great start, but things still have to be done and let’s hope that Google will step its game up a notch in the next upgrade. Who knows, maybe retina scans would do the trick, right?

Was this article helpful?