Samsung’s newest biometric security feature is certainly cool — but it has a critical weakness. The Korean company’s upcoming flagship, the Galaxy S8, will come equipped with a biometric facial recognition system — basically, you can unlock your Galaxy just by looking into the front-facing camera. Reportedly, it’s works very smoothly and is actually faster than a traditional fingerprint authentication system.
But the new facial recognition feature has a fatal flaw that could potentially render the feature useless as a security measure: it can be fooled by a picture. This weakness was first spotted by iDeviceHelp, who ran a test using a picture of the phone’s registered user displayed on another smartphone. By holding that picture up to the front-facing camera, they were able to authenticate the phone’s facial recognition and unlock the device.
In the wake of that video, Samsung provided a statement to Business Insider saying that the facial recognition technology isn’t meant to be a true security feature: “Facial recognition is a convenient action to open your phone — similar to the “swipe to unlock” action,” the Samsung spokesperson told the publication. “We offer the highest levels of biometric authentication — fingerprint and iris — to lock you phone and authenticate access to Samsung Pay or Secure Folder.”
Reportedly, Samsung’s upcoming flagship will warn users who are setting up facial recognition that it’s not a secure method of locking a device. As The Verge notes, the demoed devices weren’t final products — so it’s possible that Samsung will tighten up the phone’s security before launch. But that might be a dubious hope this close to the device’s launch on April 21, however.