from the dead-sure-that-it-shouldn't-do-that dept.
Submitted via IRC for SoyCow1984
Pixel 4's 'Face Unlock' works even if you're asleep or dead -- and that's a problem
Google's new Pixel 4 smartphone doesn't have a fingerprint sensor. Instead it relies on "Face Unlock," a proprietary facial scanning system similar to the one found in Apple's Face ID. Early reports show a system that works well, perhaps too well, in fact, according to some security experts.
To unlock a Pixel, the operator must hold it up to their face while onboard cameras and sensors go to work scanning their mug for defining characteristics — the distance between your eyes, for example. Once the device is confident it's you, it unlocks and allows you to access the operating system.
With Google's system, according to the BBC, the Pixel's Face Unlock function works even if a user's eyes are closed, a clear and security risk for anyone with a Pixel 4. Using default settings, users who are asleep, or even dead, could unknowingly unlock their phone for others.
According to Google representatives, "Pixel 4 Face Unlock meets the security requirements as a strong biometric." True, but this in and of itself might not be enough. At its launch, Pixel product manager Sherry Lin said, "There are actually only two face [authorization] solutions that meet the bar for being super-secure. So, you know, for payments, that level — it's ours and Apple's."
(Score: 1) by RandomFactor on Sunday October 20 2019, @01:31PM
taking over everywhere.
В «Правде» нет известий, в «Известиях» нет правды
(Score: 2) by Rosco P. Coltrane on Sunday October 20 2019, @01:38PM (2 children)
People who are asleep might get pissed off. Personally though, I'm more worried that this feature also works with a mugshot...
(Score: 0) by Anonymous Coward on Sunday October 20 2019, @02:25PM (1 child)
Relatives of a dead man might care that sensitive data remains unavailable to outsiders, though.
(Score: 0) by Anonymous Coward on Monday October 21 2019, @12:51AM
Perhaps, but handling things like this isn't something that the law allows for the time being. There is no way of safely storing the log in information to permit retrieval by authorized parties and not by unauthorized ones. This apparently, allows access for the family members and anybody else with access to the body. Which could suck for criminal coconspirators or if there's embarrassing things on there, but also means that personal things aren't lost.
It's unfortunate that there's likely never going to be a way of handling these accounts so that they're only accessed after death for purposes that the deceased agreed to that doesn't also allow law enforcement to abuse access.
(Score: 0) by Anonymous Coward on Sunday October 20 2019, @02:17PM (1 child)
I can't tell if the Mrs. is alive, unless I poke her with something. A phone should know better?
(Score: 3, Funny) by stretch611 on Sunday October 20 2019, @04:28PM
In your case, the "Mrs" wishes she was dead.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 2) by Common Joe on Sunday October 20 2019, @02:31PM (4 children)
Not everyone closes their eyes when they die.
And having eyes open isn't always an answer either. Not everyone has normal looking eyes, or even eyes to begin with. Those who have been totally blind since birth don't tend to open their eyelids at all.
(Score: 3, Interesting) by SparkyGSX on Sunday October 20 2019, @05:18PM (3 children)
Detecting the natural movement in the eyes seems fairly simple, and would prevent unlocking while you sleep, assuming you'd wake up when someone tries to hold your eyes open, without their hand blocking the view.
Both failure modes (unlocking while sleeping or while dead) also exist with fingerprint scanners, although you may or may not wake up when someone tries to use your finger to unlock your phone while you're asleep.
As for the people without eyes or who normally don't open theirs, they are an incredibly small minority, and for them, passcodes or patterns can be a workable alternative, or they could simply buy a phone that does have a fingerprint scanner.
If you do what you did, you'll get what you got
(Score: 0) by Anonymous Coward on Sunday October 20 2019, @06:35PM (2 children)
Not if you're Chinese!
(Score: 0) by Anonymous Coward on Sunday October 20 2019, @09:37PM (1 child)
I don't get the joke. Care to elaborate?
(Score: 2) by DannyB on Monday October 21 2019, @02:04PM
> I don't get the joke. Care to elaborate?
My father's Chinese: /* *\
My mother's Japanese: *\ /*
But I'm just a plain ol' kid: /* */ or *\ \*
(and my friend is European: (* *) )
The lower I set my standards the more accomplishments I have.
(Score: 3, Insightful) by bradley13 on Sunday October 20 2019, @03:28PM (6 children)
This is not news. At best, biometrics can supplement a password, but by themselves they are not secure.
Everyone is somebody else's weirdo.
(Score: 3, Informative) by stretch611 on Sunday October 20 2019, @04:26PM (3 children)
Exactly.
I just got a new phone. (my 4 year old phone started to not charge due to a loose USB connector.)
It had both face unlock and fingerprint scanning. The first thing I did was disable both and add a passcode.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 0) by Anonymous Coward on Sunday October 20 2019, @09:39PM (2 children)
why not enable both and add a passcode... if your aim is to be as secure as possible.
I think if you're a banking/payment app, you'd want to enable tired combo of secrets depending on the task.
(Score: 2) by MostCynical on Sunday October 20 2019, @10:19PM
Most phones allow only one form of security at a time, and, alas, only one to unlock everything..
I, and many others, would love one unlock to make calls, send messages, &c, and then a second unlock for anything else (adding or deleting, operating system changes..)
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 4, Insightful) by NotSanguine on Sunday October 20 2019, @10:26PM
You need to stay the hell off my gigantic security failure waiting to happen [malwarebytes.com].
in fact, anything related to my financial life has no place on any device that other folks can remotely control or update.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Insightful) by Anonymous Coward on Sunday October 20 2019, @08:25PM
Anyone with a clue knows that biometrics should never be an alternative to passwords. At best, biometrics might be considered as an alternative to a user ID, but validating the identity claim should be something that can be changed. Nobody, government included (especially?), can be trusted not to share, leak, or otherwise misuse validation data.
When biometrics-as-password data invariably leaks, how are you supposed to change your fingerprints, retinal patterns, or whatever they're recording for facial recognition?
(Score: 0) by Anonymous Coward on Monday October 21 2019, @02:10AM
Yes, but once somebody has that cracked, then there's not much you can do about it. At least with dongles you can change the dongle to a different one. Try doing that with your face.
(Score: 2) by srobert on Sunday October 20 2019, @03:40PM (4 children)
Hey, it even works with decapitated heads! How convenient.
(Score: 0) by Anonymous Coward on Sunday October 20 2019, @07:01PM (3 children)
If I ever get a smartphone with Face Unlock I'll use my one brown eye to set the logon. Though... It might not be a good idea to unlock it in the grocery store line.
(Score: 0) by Anonymous Coward on Sunday October 20 2019, @08:30PM (2 children)
Heterochromia is real. What does it matter whether you use your brown or your blue (or whatever other) colored eye? It's not like a cell phone should be biased for or against any particular eye color.
(Score: 0) by Anonymous Coward on Sunday October 20 2019, @09:30PM (1 child)
This is true. Sometimes the moon is blue. Even when the eye is brown. All the same, the ass is still bare.
(Score: 0) by Anonymous Coward on Sunday October 20 2019, @09:51PM
My ass is hairy you insensitive clod!
(Score: -1, Redundant) by Anonymous Coward on Sunday October 20 2019, @04:23PM
... and that's a problem!
(Score: 3, Interesting) by FatPhil on Sunday October 20 2019, @06:59PM (3 children)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Sunday October 20 2019, @11:37PM
I see a future where phones have brainwave sensors. Hold it next to your head and remember a memory and your unique brainwaves unlock it. Can't duplicate that (yet)
(Score: 3, Informative) by coolgopher on Monday October 21 2019, @07:15AM (1 child)
You mean something like this [techcrunch.com]?
(Score: 2) by FatPhil on Monday October 21 2019, @10:31AM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: -1, Redundant) by Anonymous Coward on Monday October 21 2019, @01:21AM
"Smile to open" where the face must match and change to a preset expression. Smile. Frown. Whatever.
Problem solved. You're welcome.
(Score: 2) by DannyB on Monday October 21 2019, @02:08PM
GenteelGentleGentileGenital recognition.Just as uniquely different as faces.
Dead ones don't get, um, "activated".
It's a lot much more difficulter to find a photo to try to fool the recognition system.
What's not to like?
The lower I set my standards the more accomplishments I have.