Google Pixel 4’s Face Unlock Feature Works With Eyes Closed, Sparking Security Concerns

Google has ignited security concerns over the facial authentication system in its new Pixel 4 smartphone by admitting that it will unlock the device even when the user's eyes are shut.


Google unveiled the Pixel 4 this week to mostly positive reviews, many of which praised the phone for is super-fast new face unlock system, which replaces the fingerprint sensor and works much the same as Apple's Face ID on iPhones, except for one key security feature.

The BBC has discovered that the Pixel 4 can be unlocked even with the user's face even if they're sleeping (or pretending to be asleep). That contrasts with Apple's Face ID system, which engages by default an "Attention Aware" feature that requires the user's eyes to be open for the iPhone to be unlocked. Attention Aware can be disabled for convenience, but the Pixel 4 lacks an equivalent security feature entirely.

To its credit though, Google isn't hiding this fact. A Google support page reads: "Your phone can also be unlocked by someone else if it's held up to your face, even if your eyes are closed. Keep your phone in a safe place, like your front pocket or handbag."

To "prepare for unsafe situations," Google recommends holding the power button for a couple of seconds and tapping Lockdown, which turns off notifications and face recognition unlocking.

In early leaks of the Pixel 4, screenshots revealed a "require eyes to be open" setting for face unlock, so it looks as if Google tried to implement a similar feature to Apple's Attention Aware, but couldn't get it working in time for the device's launch.

Subscribe to the MacRumors YouTube channel for more videos.

Speaking before the launch, Pixel product manager Sherry Lin said: "There are actually only two face [authorisation] solutions that meet the bar for being super-secure. So, you know, for payments, that level - it's ours and Apple's."

Cyber-security experts disagree.

"If someone can unlock your phone while you're asleep, it's a big security problem," security blogger Graham Cluley told the BBC. "Someone unauthorized - a child or partner? - could unlock the phone without your permission by putting it in front of your face while you're asleep."

In a statement given to the BBC, Google said it would "continue to improve Face Unlock over time."


This article, "Google Pixel 4's Face Unlock Feature Works With Eyes Closed, Sparking Security Concerns" first appeared on MacRumors.com

Discuss this article in our forums

Apple’s Greg Joswiak Says Touch ID Will ‘Continue to Have a Role’

Apple's vice president of product marketing Greg Joswiak recently spoke with the UK's Daily Express about the future of its biometric authentication systems, noting that while Face ID will be expanded to more devices over time, Touch ID will "continue to have a role" for the foreseeable future.


"Certainly, we'll continue to put it on more devices but also Touch ID will continue to have a role - it's a great technology on our iPad lineup and we don't see it going away anytime soon," said Joswiak.

While the latest iPad Pro models are equipped with the more-expensive Face ID system, lower-end iPad, iPad Air, and iPad mini models still have Touch ID home buttons to keep costs down, and that will likely remain the case for years. Touch ID is also built into recent MacBook Pro and MacBook Air models.

As for the iPhone, Apple continues to sell older iPhone 7 and iPhone 8 models with Touch ID, but it has not introduced a new iPhone with fingerprint authentication since 2017. The upcoming iPhone 11 models are expected to stick with Face ID, which Apple says has been made 30 percent faster in iOS 13.

Looking ahead, multiple reports have claimed that Apple plans to release an iPhone with both Face ID and an under-display fingerprint scanner in 2020 or 2021. The under-display option could certainly be given a new name, however, to distinguish it from traditional Touch ID with a home button.


This article, "Apple's Greg Joswiak Says Touch ID Will 'Continue to Have a Role'" first appeared on MacRumors.com

Discuss this article in our forums

Bloomberg: Apple Planning iPhone With Both Face ID and Touch ID Under Display by 2021

Apple is developing an in-display fingerprint scanner for future iPhones, according to Bloomberg's Mark Gurman and Debby Wu.


The report claims Apple is considering including the in-display scanner in a 2020 iPhone if testing is successful, but adds there is a possibility the tech will not be ready until 2021. This lines up with a prediction from noted Apple analyst Ming-Chi Kuo, who expects an iPhone with both Face ID and in-display Touch ID in 2021.

The upcoming fingerprint reader would be embedded in the display, enabling users to unlock the iPhone by placing a finger almost anywhere on the screen, and it would complement rather than replace the existing Face ID system. This would give users the convenience of two biometric authentication options.

Face ID and Touch ID each have their weaknesses, such as Face ID not working well when an iPhone is laying flat on a table, or Touch ID not playing friendly with wet fingers. With both systems, users would have the best of both worlds, using the authentication option that is better in a given situation.

Several major Android smartphone makers have adopted in-screen fingerprint scanners over the past few years, including Samsung.

Apple is also working on its first low-cost iPhone since the iPhone SE, which could launch as early as the first half of 2020, according to Bloomberg. As Nikkei reported earlier this week, the device is said to look similar to the iPhone 8, including a 4.7-inch display and a Touch ID home button.

The iPhone 8 currently retails for $599 and up, while the iPhone SE started at $399, but was later discounted to $349.


This article, "Bloomberg: Apple Planning iPhone With Both Face ID and Touch ID Under Display by 2021" first appeared on MacRumors.com

Discuss this article in our forums

Researchers Demonstrated Method for Bypassing Face ID on an ‘Unconscious’ Victim’s iPhone Using Glasses and Tape

During the Black Hat USA conference in Las Vegas, researchers demonstrated a Face ID bypass method that used glasses and tape to unlock and infiltrate the iPhone of an "unconscious" victim.

According to a report from Threatpost (via iMore), researchers from Tencent aimed to fool the "liveness" detection feature in biometrics, which is meant to distinguish "real" from "fake" features on people.


Liveness detection, said the researchers, detects background noise and response distortion or focus blur, allowing it to make sure that a face is a real face and not a mask. This liveness detection is used by Face ID, and Apple even has an "Attention Aware" feature that makes sure your iPhone doesn't unlock unless you're looking at it.

To trick Face ID, the researchers created prototype glasses with black tape on the lenses and white tape inside the black tape to emulate the look of an eye. When putting the glasses over a sleeping victim's face, they were able to access his iPhone and send themselves money through a mobile payment app.

This method worked because the researchers found that liveness detection works differently with glasses and essentially doesn't extract 3D information from the eye area when glasses are worn.
They discovered that the abstraction of the eye for liveness detection renders a black area (the eye) with a white point on it (the iris). And, they discovered that if a user is wearing glasses, the way that liveness detection scans the eyes changes.

"After our research we found weak points in FaceID... it allows users to unlock while wearing glasses... if you are wearing glasses, it won't extract 3D information from the eye area when it recognizes the glasses."
An attacker attempting to use this method in the real world would need a victim that's sleeping or unconscious, access to that victim's iPhone, and then glasses would need to be placed over the eyes without waking the person up. It's worth noting that this isn't a situation most people are likely to run into, and there's also no secondary research on this alleged method this time.

To mitigate the eye detection loophole in the future, researchers suggested biometrics manufacturers add identity authentication for native cameras and "increase the weight of video and audio synthesis detection."

Apple has designed Face ID with easy access disabling measures for situations where a person might be coerced or forced into unlocking an iPhone with facial recognition. Pressing on the sleep/wake button of a Face ID-enabled iPhone five times in rapid succession brings up an emergency SOS screen that automatically disables Face ID and requires a passcode to be entered before Face ID works again. Pressing and holding the side/top button and a volume button also works on the iPhone and the iPad Pro.

Tag: Face ID

This article, "Researchers Demonstrated Method for Bypassing Face ID on an 'Unconscious' Victim's iPhone Using Glasses and Tape" first appeared on MacRumors.com

Discuss this article in our forums

Apple Promotes Face ID as Even Easier and More Secure Than Touch ID in Humorous New iPhone Ad

Apple's latest iPhone ad humorously demonstrates how Face ID is more convenient and secure than Touch ID for user authentication.

Timed with midsummer, the 30-second spot depicts a man napping on a reclining lounger in a backyard. After receiving a trio of iMessage notifications on his iPhone XR, he slowly raises the lounger to line up his face with the iPhone and unlocks the device with Face ID, all while continuing to lay down.


The messages come from a friend named Craig, who asks the man if he still plans to come around, suggesting that the two had made plans together. Instead, the man promptly returns to his nap alongside his dog. The ad is aptly titled "Nap" and features the song "Nice" by Grammy Award-winning DJ Latroit.


Face ID debuted on the iPhone X in 2017. At the time, Apple said the probability that a random person could unlock someone else's iPhone X was approximately one in 1,000,000, versus one in 50,000 for Touch ID.

The ad is part of Apple's ongoing "That's iPhone" marketing campaign promoting both hardware and software features of the device, such as iMessage encryption, App Store privacy, iPhone material recycling, and water resistance. "Face ID is even easier and more secure than Touch ID. That's iPhone."


This article, "Apple Promotes Face ID as Even Easier and More Secure Than Touch ID in Humorous New iPhone Ad" first appeared on MacRumors.com

Discuss this article in our forums

Popularity of OLED Smartphones With In-Display Fingerprint Scanners Continues to Grow in 2019

The popularity of OLED smartphones with in-display fingerprint sensors will continue to gather pace in 2019, DigiTimes reports this morning, despite Apple's decision to move away from the technology in favor of face recognition.

Citing industry sources, the report says that rising popularity for fingerprint scanners in smartphone screens is being driven by a reduction in sensor prices and the price gap between OLED and LCD panels.

The market size of OLED panels with in-display fingerprint sensors has expanded significantly as handset vendors including Samsung Electronics, Huawei, Xiaomi, Oppo and Vivo have extended the adoption of in-display fingerprint sensing technology from the premium smartphones to mid-range models, said the sources.

The introduction of optical fingerprint sensing solutions by vendors including Synaptics and Goodix Technology in 2018, which came with more competitive pricing and fitted with the prevailing all-screen display design for smartphones, has helped bring down overall prices of in-display fingerprint sensor chips and therefore further drive up the popularity of such a technology, said the sources.
Apple was widely rumored to be attempting to integrate Touch ID under the display on the iPhone X, but the company's hardware engineering chief Dan Riccio later said it ditched any form of fingerprint scanning after hitting "early line of sight" with Face ID.

Apple has since done away with fingerprint recognition entirely in its flagship smartphone lineup, which includes the iPhone XS, iPhone XS Max, and LCD-based iPhone XR. All have a notch at the top of the screen housing the TrueDepth sensing camera in lieu of a Home button, which contains Touch ID's focused capacitive drive ring in earlier iPhones. Apple's latest iPad Pro models have also inherited Apple's cutting edge face-recognition tech.

Apple's biggest rival, Samsung, includes an Ultrasonic fingerprint scanner embedded into the screen of its latest Galaxy S10 smartphone. Samsung's tech uses sound waves to create an intricate 3D map of the user's fingerprint. The Galaxy S10e meanwhile uses an Electrostatic Fingerprint Scanner on the Power button.

Apple has explored various in-display fingerprint scanner solutions in the past, including fingerprint sensing MicroLED displays. So far, Apple has not developed in-screen fingerprint technology for a consumer device, while Touch ID has found a new lease of life on laptop keyboards, specifically in Apple's MacBook Pro with Touch Bar range and the latest MacBook Air.


This article, "Popularity of OLED Smartphones With In-Display Fingerprint Scanners Continues to Grow in 2019" first appeared on MacRumors.com

Discuss this article in our forums

WhatsApp for iPhone Now Lets You Lock App With Face ID or Touch ID

WhatsApp has enabled a new Face ID authentication option for iPhones that support the feature, in the latest update to the messenger app (via WABetaInfo).

The Facebook-owned platform has been testing the feature for iPhone X and newer devices in its TestFlight beta releases for some weeks now, but version 2.19.20 of WhatsApp, now on the App Store, makes Face ID available for all users with supporting iPhones.

When enabled, users need to use Face ID to unlock the WhatsApp app, but they can still reply to messages from notifications and answer calls when the app is locked.

To require Face ID to unlock WhatsApp, tap Settings -> Account -> Privacy -> Screen Lock and toggle on the Require Face ID switch. Users with a fingerprint sensing Home button on their iPhones will see an option to Require Touch ID instead.


With the Face ID/Touch ID toggle enabled, users will see some additional options appear below that allow them to activate the authentication requirement immediately, after one minute, after 15 minutes, or after one hour.

When the app is locked, if the iPhone fails to recognize a face or fingerprint, users can alternatively choose to enter their iPhone Passcode to open WhatsApp.

Elsewhere in this update, a smaller change means users can now download individual stickers in a sticker pack from the in-app sticker store, rather than having to download the whole pack. Just select a stickers pack, tap and hold the desired sticker, then tap Add to Favorites in the pop-up pane.

WhatsApp is a free download for iPhone available on the iOS App Store. [Direct Link]


This article, "WhatsApp for iPhone Now Lets You Lock App With Face ID or Touch ID" first appeared on MacRumors.com

Discuss this article in our forums

Google Developing More Secure Face ID-Style Facial Recognition System for Android Devices

Google appears to be working on a facial recognition system that would offer similar security to Face ID, based on code for the next-generation version of Android that was highlighted by XDA Developers.

Code in Android Q, set to be shown off at Google's developer conference in May, points towards an advanced facial recognition system that would be secure enough to be used for authorizing purchases and signing into apps, in addition to unlocking a smartphone.


Furthermore, the code references a built-in hardware based sensor through error messages that are highlighted when the sensor is unable to properly detect a face.

Combined, these two factors suggest that Google is expecting future smartphones to feature an advanced facial recognition system that could perhaps be as secure as Face ID.

Android Q code referencing a secure face unlock system. Click to enlarge.

Right now, there are Android devices that are using 2D facial recognition techniques to replace a passcode, but none of those systems are based on 3D face scans like Face ID. Facial recognition used by Android right now is more rudimentary and easily fooled, which is why Android devices continue to use fingerprint sensors for operations that need more security like payments.

The Android Q code indicates Google is building a native secure facial recognition option into the next version of Android, which would allow smartphone manufacturers to create systems that rival Face ID.

Android Q code referencing a secure face unlock system. Click to enlarge.

Face ID was first introduced in 2017 in the iPhone X, and has since expanded to the iPhone XR, XS, XS Max, and the 2018 iPad Pro models. At the time Face ID was introduced, respected Apple analyst Ming-Chi Kuo suggested the sophistication of the 3D camera system Apple uses would be unable to be matched by Android smartphone makers for 2.5 years.

One and a half years later, there are still no Android smartphone manufacturers that have created a front-facing camera system similar to the TrueDepth camera system able to be used for all secure system functions like payments.

Google's work on adding secure facial recognition code to Android does, however, suggest that Android devices with Face ID-like systems are in the works and coming soon.


This article, "Google Developing More Secure Face ID-Style Facial Recognition System for Android Devices" first appeared on MacRumors.com

Discuss this article in our forums

Police Can’t Force You to Unlock an iPhone Using Face ID or Touch ID, California Judge Rules

Law enforcement officials can't force smartphone users to unlock their devices using fingerprints or other biometric features such as facial recognition, according to a Northern California court ruling from last week.

The ruling, which was shared this morning by Forbes, was the result of an Oakland investigation into possible extortion. Police officers asked the court for permission to seize multiple devices and then compel the suspects to unlock the devices using biometric authentication.


The court said that there was indeed probable cause to grant a search warrant, but that it was denied because the request to force the suspects to unlock their devices using biometric authentication "funs afoul of the Fourth and Fifth Amendments." From the ruling:
The Government, however, also seeks the authority to compel any individual present at the time of the search to press a finger (including a thumb) or utilize other biometric features, such as facial or iris recognition, for the purposes of unlocking the digital devices found in order to permit a search of the contents as authorized by the search warrant.

For the reasons set forth below, the Court finds that the Government's request funs afoul of the Fourth and Fifth Amendments and the search warrant application must be DENIED.
In further analysis, the court equated biometric authentication to a passcode rather than something like submitting to a DNA swab. It has been previously established that under the Fifth Amendment, a suspect cannot be compelled to provide the passcode of a device.

Biometric features like Touch ID and Face ID, said the court, serve the same purpose as a passcode, securing the owner's content, "pragmatically rendering them functionally equivalent."

The ruling also made an interesting point about the urgency with which law enforcement officials attempt to get a suspect to unlock a device biometrically, because after a device is passcode locked (iPhones will passcode lock after a short period without a biometric unlock), the government can't compel a person to enter the passcode. This urgency essentially confirms that a passcode and a biometric lock are one and the same.
This urgency appears to be rooted in the Government's inability to compel the production of the passcode under the current jurisprudence. It follows, however, that if a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one's finger, thumb, iris, face, or other biometric feature to unlock that same device.
Biometric authentication measures have been a hotly debated topic, and previous rulings have suggested that Touch ID and Face ID are not equivalent to a passcode, though most rulings have pertained to Touch ID as Face ID is newer.

This has allowed law enforcement to force suspects to unlock their iPhones and other devices using biometric authentication. In October, for example, the FBI was able to force a man accused of child abuse to unlock his iPhone using Face ID.

The California court's most recent ruling could potentially have an impact on future court cases of this type, perhaps putting an end to the practice of forced biometric smartphone unlocking and the belief that a passcode is not equivalent to a biometric lock.

For now, though, Apple has implemented a method to quickly and temporarily disable Touch ID and Face ID by pressing on the side button of recent iPhones five times in quick succession.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


This article, "Police Can't Force You to Unlock an iPhone Using Face ID or Touch ID, California Judge Rules" first appeared on MacRumors.com

Discuss this article in our forums

Security Researcher Cancels Public Talk on Hacking Face ID After Employer Calls it ‘Misleading’

Chinese security researcher Wish Wu was set to give a talk on hacking Face ID at the Black Hat Asia hacking conference in Singapore in March 2019, but at the request of his employer, he's canceled the talk, reports Reuters.

His presentation, called "Bypass Strong Face ID: Everyone Can Deceive Depth and IR Camera and Algorithms," supposedly offered details on a way to get past Face ID on the iPhone X "under certain conditions."


Curiously, the Wu says that his hack did not work on the iPhone XS and XS Max. Given that the three smartphones use the same Face ID system, it's not entirely clear why a bypass method that works on the iPhone X wouldn't also work on Apple's newer devices.

According to an abstract of the talk, Face ID was able to be hacked on the iPhone X with an image printed on a black and white printer and some tape.

Wu was asked by his employer, Ant Financial, to withdraw from the talk. Ant Financial is known for its Alipay mobile and online payments platform, which works with Face ID.
Wu told Reuters that he agreed with the decision to withdraw his talk, saying he was only able to reproduce hacks on iPhone X under certain conditions, but that it did not work with iPhone XS and XS Max.

"In order to ensure the credibility and maturity of the research results, we decided to cancel the speech," he told Reuters in a message on Twitter.
In a statement, Ant Financial told Reuters that the research on the Face ID verification mechanism is "incomplete" and would be "misleading" if it were to be presented at Black Hat Asia. Despite this, the Black Hat conference said Wu's talk was accepted in the first place because Wu "convinced its review board he could pull off the hack."

A Face ID bypass or hacking method would be major news, as the feature uses 3D facial recognition technology to prevent it from being fooled by photographs, masks, and other means.

As Reuters points out, there have been no reports of a successful Face ID hack that others have been able to replicate since Face ID was introduced in 2017. Vietnamese company Bkav posted a few videos of Face ID being bypassed with a well-made mask, but other researchers have not been able to duplicate those results.

Face ID is not infallible, however, and has issues with facial recognition with children and identical twins.

Tag: Face ID

This article, "Security Researcher Cancels Public Talk on Hacking Face ID After Employer Calls it 'Misleading'" first appeared on MacRumors.com

Discuss this article in our forums