Google’s Pixel 4 line launched only a couple of days ago, and a major issue with the device’s face unlock feature has already been discovered.
Google’s newly revealed Pixel 4 was met with excitement for several reasons, including the introduction of facial-recognition security. Google boasted that this method was a quick and effective way to keep your phone safe, but in practice, there is a major issue with this supposedly secure system.
Now, a new report from BBC explains that the Face Unlock mechanism works even when the device owner has their eyes shut, something that facial recognition systems are usually configured to prevent.
“If someone can unlock your phone while you’re asleep, it’s a big security problem,” cyber-security expert Graham Cluley told BBC. “Someone unauthorized — a child or partner? — could unlock the phone without your permission by putting it in front of your face while you’re asleep. I wouldn’t trust it to secure the private conversations and data on my phone.”
BBC reporter Chris Fox shared a video demo of the Pixel 4 facial recognition unlocking with closed eyes (or a dead face):
— Chris Fox (@thisisFoxx) October 15, 2019
Google seems to be aware of the problem, stating on a Pixel 4 help page that: “Your phone can also be unlocked by someone else if it’s held up to your face, even if your eyes are closed.” Google encourages users to keep their phone in a safe place “like your front pocket or handbag” to reduce the likelihood of these events.
Apple’s recent iPhones, which also support a facial recognition security system called Face ID, require by default that your eyes be open in what it calls an “Attention Aware” feature. Although it can be disabled for your convenience should you choose, the default setting is to enhance your security by requiring that your eyes be open and looking at the phone, so it shouldn’t work while you’re sleeping or otherwise unaware of what is occurring.
Google is the second major phone vendor in the past week that has had problems with its biometrics authentication systems.
Earlier today, Samsung confirmed they were working on a fix for a bug that allowed a bypass of the fingerprint sensor authentication of Galaxy S10, S10+, S10e, and Note 10 handsets.