Facial recognition of the Galaxy S8 compromised by a simple photo

A simple photo displayed on a smartphone would deceive the face recognition of Samsung’s new high-end smartphone.

If you followed the launch of Samsung’s new high-end smartphone, the Galaxy S8, you may have noticed that the Korean smartphone is “ultra-secure” and uses several authentication systems including a classic code system, Fingerprint reader and facial recognition.

It is this last device that has just been struck a few weeks before the official marketing of the phone: on a video of iDeviceHelp published by Gizmodo (above), a user unlocks a demo model with a picture of him displayed On his own phone. A stranger could thus unlock your smartphone by having discreetly shot you beforehand with a bridge or any other camera with a long focal length!

A known weakness

This is not the first time facial recognition has been challenged. In addition to the fact that a twin or someone with the bulk of your traits can pass themselves off for you, no manufacturer has relied solely on this protection strategy for data authentication and manipulation Sensitive.

The proof being that Samsung, questioned by ArsTechnica about this weakness, plays it reassuring by specifying that “[…] facial recognition, whatever practical, can not for the moment not be used with the Galaxy S8 to authenticate The access (to services, ndr) of Samsung Pay or the Secure Folder “.

An industrial source questioned by the Korean Herald puts the nail in the affirmation that the facial recognition is designed “[…] for a fun use. It should not be regarded as a reliable measure of safety “.

Other smartphones like the new LG G6 already include facial recognition in their range of authentication techniques, but it is Samsung that has put the most emphasis on this system. And it is logically towards Samsung that the first warning shots turn.

It is not only in smartphones that the face allows to unlock the machine: Microsoft proposes its system Hello under Windows 10, a mechanism works with cameras meeting the specifications of the system RealSense of Intel. The difference compared to the Samsung system? RealSense cameras are above all “3D scanner”, ie image sensors backed by depth sensors (usually close to infrared). When the Samsung camera sees 2D and is fooled by an image, the cameras compatible with Windows Hello also analyze the relief of your face. A much more secure method than a scan so distant from the iris.

But that, Samsung seems to have forgotten.