Samsung made a big deal about how many ways in which the new Galaxy S8 can be secured and unlocked. Users can opt for a traditional PIN, pattern or passcode, or they can unlock the handset with a fingerprint, a scan of their iris, or with facial recognition.
But a video has surfaced just days after its launch showing this final security option, where the phone will only unlock in front of its owner's face, can be bypassed using a photograph of the registered user.
A video recorded by Marcianotech at the phone's launch shows a Galaxy S8′s facial recognition feature being fooled with a photo of the owner - or rather, a photo of the journalist who set themselves up as the owner. Although it takes a few attempts to gain access to the device, eventually it recognises the photo thinking it to be the user and the phone unlocks.
It can be seen that the photo used to trick the device into unlocking itself was taken from a similar angle and distance as the actual face of the user when setting the lock. Similar to fingerprint readers, the facial recognition system takes not one but several photos and scans of the face to authenticate the user.
The front camera sensor of the device stands at eight megapixels with auto focus but has no 3D sensing feature. It may be due to this that despite detailed scans the device's sensor fails to distinguish between a 2D photo and a real face.
The demonstration given is for the Galaxy S8 and not the S8 Plus. But given that the facial recognition software is the same for both and the front camera also has the same megapixel capacity, it is likely that an S8 Plus model may also make the same mistake. This demonstration was performed on an S8 at Samsung's Unpacked press event and several weeks before the phone actually goes on sale. It should be simple enough for Samsung to roll out a software update before the S8 arrives to customers who have pre-ordered on 21 April. The phone will go on sale in stores eight days later.
The Galaxy S8 and S8 Plus are not the first Samsung phones to feature this technology. The unlock method first appeared on the Galaxy S3 in 2012 and was also tricked by a photograph, as demonstrated at the time by IBTimes UK. A software update was rolled out to ensure the phone would not unlock until the owner blinked.