The Galaxy S8 gives users a choice between iris scanning, a fingerprint sensor, PIN, or facial recognition. The last is a feature that we’ve seen work brilliantly with Windows Hello, but Samsung’s implementation doesn’t seem quite there. iDeviceHelp has published a video that shows how the S8’s facial recognition can be easily fooled by an image on a phone screen. Though it takes a little wiggling, the sensor eventually detects the face and unlocks. Naturally, this is a pretty big security flaw. If the attacker only needs a picture of the user to get into the phone, it’s barely worth having at all. Though many users will opt for fingerprint sensing, Samsung’s implementation instills a false sense of security.
There’s Still Time
Despite the fault, it’s worth noting that the phone isn’t yet widely available. It’s possible Samsung is working on the flaw already. It should be fixable on the software side, so it wouldn’t be too hard to push out an update. However, other publications have also had issues with the Galaxy S8. An industry source stated to The Korea Herald: “The phones can be unlocked by the face of a sleeping person, or even just by a photo. For now, the facial recognition technology is only intended for fun. It should not be considered as a foolproof security measure.” This begs the question: why they add it to the list of security features on the Samsung S8 the first place? A piece of fun has no place next to serious safety measures, especially when users aren’t aware of the difference. With hope, the company will remedy the issue before the phone’s launch in April, or they could face further backlash.