Samsung released its Galaxy S10-lineup recently and the devices have been making news since their release and now the Galaxy S10 is news again but for all the wrong reasons this time. Samsung ditched the IR scanner in favor of an in-display fingerprint scanner and camera-based face unlock technology. Unfortunately, the latter authentication method has turned out to be not so secure.
Unbox Therapy and The Verge were both able to bypass the face unlock authentication method on Galaxy S10 with the help of a video played back on another phone.
It is not clear as to whether these outlets disabled the faster recognition option, which boosts unlock speeds at the expense of security. Tech Website SmartWorld told Android Police that they disabled the feature when they were able to successfully unlock the device with a photo.
Jane Wong, an app developer and teardown specialist, reported that she was able to unlock her brother’s Galaxy S10 Plus with her face. This is not the first time a phone mistook someone else for its owner, and manufacturers usually warn users about the perils of using camera-based face unlock. But the issue with the Galaxy S10 is that it is able to unlock itself if presented with video playback of the owner’s face.
I unlocked my brother's Galaxy S10+ with my face
— Jane Manchun Wong (@wongmjane) March 9, 2019
The camera-based authentication method is not very secure and has a history of problem related to security, going back to Android 4.0 Face Unlock in 2011. Back then, it was reported that the technology can be fooled using a simple photo.
Face Unlock using structured light and time-of-flight sensor has since become the norm for several flagships. These solutions are able to calculate facial details and contours, largely negating photo and video spoofing.