Experts have proven once again that facial recognition on modern devices remains hilariously insecure and can be bypassed using simple tricks such as showing an image or a video in front of a device's camera.
The latest device to fall victim to such attacks is Samsung Galaxy S10, Samsung's latest top tier phone and considered one of the world's most advanced smartphones to date.
Unfortunately, the Galaxy S10's facial recognition feature remains just as weak as the one supported in its previous versions or on the devices of its competitors, according to Lewis Hilsenteger, a smartphone reviewer better known as Unbox Therapy on YouTube.
Hilsenteger showed in a demo video uploaded on his YouTube channel last week how putting up a video of the phone owner in front of the Galaxy S10 front camera would trick the facial recognition system into unlocking the device.
Similarly, an Italian journalist from SmartWorld.it also unlocked a Galaxy S10 device using nothing but a photo, which would be much easier to obtain by an attacker, compared to a front-facing video of the device owner.
However, this method didn't always yield the same result when others tried to replicate it --unlike Hilsenteger's approach, which seemed to work almost every time.
Hearing that users have cracked the facial recognition screen lock feature in one of the world's top phones didn't trigger the same shock and awe reaction that it used to a few years back.
This is because in the past few years, both security researchers and regular users alike have bypassed the facial recognition feature on a plethora of devices.
For example, users bypassed the facial recognition on a Samsung S8 using a photo, they bypassed Apple's FaceID feature on an iPhone X with a $150 mask, they broke into many top tier Android phones using a 3D-printed head, and they used the same 3D printed head method to gain access to a Windows 10 device protected by the Windows Hello biometrics solution.
In fact, the issue is quite widespread. A study by a Dutch non-profit last year found that investigators could bypass face unlock-type of features on 42 out of the 110 smartphones they tested.
The issue with all these facial recognition systems implemented in current commercial products is that they don't perform any type of 3D depth scans of the tested face, but merely look at the position of the eyes, nose, or mouth to authorize a person and unlock a device --hence the reason most of them can be bypassed by flashing photos or videos in front of their cameras.