As we all know, the Face Unlock feature from Androids Ice Cream Sandwich was simply appalling. The chances of your face being recognised were pretty slim (Better on newer devices) and someone could hack into your phone with a simple picture of you. Well sadly it appears that the updated version of Face Unlock on Jelly Bean 4.1 is still flawed. The updated version requires the user to blink before the phone unlocks as part of a “liveliness check”, this would in theory eliminate photo based hacking. A group of Youtube users demonstrate how it is still flawed:
The method is ridiculously easy:
Find a relatively clear photo of your mark, use a photo editor (Paint.NET in this case) to cover his or her eyes with their corresponding skin tone, and flash the original and modified images on a monitor. Point the Jelly Bean device towards the monitor, flip the images when directed, and bang – unrestricted access.
Far be it for me to warn against using Face Unlock but this is clear evidence that we seem to be far from a secure Face Unlock feature. It seems the good old pin protection is still the best method.
Via Android Police