Face Unlock is one of the coolest things about the new Android OS. But while this high tech security function is neat, it isn’t very secure. If you’re one of the millions of Android users with Face Unlock, read on to find out just how easy it is to access your information. Spoiler alert: It’s super easy.
The First Problem
How Ice Cream Sandwich’s Face Unlock was supposed to work: Just smile at your phone’s front-facing camera to unlock it; feel sort of like an MI6 agent. Forget your password and the list of excuses you used to keep it secret from your girlfriend. Officially become a citizen of the future, call phones that still use passwords “so 2011”.
How Face Unlock actually worked: Log on to the Facebook account of your possibly cheating boyfriend, favorite friend to prank or theft victim. Print out any one of the hundreds of shots from their ample Facebook collection. Hold it in front of their Android’s camera and unlock their phone.
Hack is probably too sophisticated a word from this simple maneuver. And that’s the problem with Android: they pump out tech before during the research. Surely a few high school students locked in a room with a prototype for 30 minutes could have figured this out.
And you’d think that Google would shell out the few bags of Doritos (that’s what high school students get paid, right?) it would cost for this minimal testing. Or maybe they think that any publicity, even security-breach publicity is good publicity. We don’t know what’s going on there anymore.
The Second Problem
After the security value of Face Unlock became a joke in the tech community, Google sort of tried to fix it in Android 4.1 Jelly Bean.
Here’s how it was supposed to work: The new, even more futuristic Face Unlock now detects facial movement! Now when you smile for the camera, it reads your facial movements so it knows you’re a human and not some paper facsimile. Any potential hackers are thwarted by your phone’s superior technology, and they’ve wasted expensive color photo printer ink for nothing.
How it really worked: Face Unlock doesn’t actually check to see if you are human or not. It just checks to see if you can blink. Turns out, blinking is not the sole defining characteristic of human beings.
Hackers quickly figured out that pictures can blink too. Now they just print two photos of you instead of one. They Photoshop the eyes closed on the first picture. Then they flash the first picture immediately followed by the second. Voila! Blinking.
Now the only thing standing between your hacker and your phone is the amount of color ink left in the printer.
This is Getting Ridiculous You Guys
Google is in trouble. At this point, hacking Android phones is almost like a game. Thousands of hacker/bloggers that just sit around waiting for the next Android development so they can let the world know how to get at your information. If Google doesn’t get it together, they’re going to end up being just the opening that Windows Phone needs to corner the smartphone OS market.