The Samsung Galaxy S10 has been received with great reviews from critics, despite its expensive price tag. However, a new security breach may have been found with the new flagship, allowing the smartphone to be unlocked with relative ease.
The Samsung Galaxy S10 had ditched the iris scanner unlock system found in earlier models in favor of an in-display fingerprint sensor and camera-based face unlock technology. However, after some testing, it has been revealed the new authentication method presents serious security risks.
It's been reported that some users were able to defeat the Galaxy S10's face unlock security system through video playback from another phone, giving security hackers the chance to simulate the owner's facial features.
To prevent this breach, users may want to consider disarming the faster recognition option on their Samsung Galaxy S10. While the option boosts the speed of unlock, it does so at the expense of security. It is possible that the users who were able to defeat the facial security feature have had the above option enabled. However, other reports say that security was still defeated, even though they had this particular feature disabled when they did their own testing and was still able to unlock the Samsung Galaxy S10 with a picture.
However, the woes of the Galaxy S10's face unlock security feature doesn't stop there. App developer and teardown specialist Jane Wong was able to unlock her brother's Galaxy S10+ with her own face. Manufacturers have warned people before about the perils of the camera-based face unlock before, following several past incidents of mistaken identity. However, the Samsung Galaxy S10's facial recognition feature is being tricked by photos and videos, which is not a good look for the Samsung flagship smartphone.
Camera-based face unlock features already have a tumultuous history, dating back to the Android 4.0 Face Unlock way back in 2011. The face unlock then was able to be tricked by a simple photograph. Google tried to circumvent this problem by implementing a liveliness check like blinking, however this too could be circumvented by photo editing.
Face Unlock nowadays uses a mixture of structured light or time-of-flight sensors and has become the preferred authentication method for several flagships. These sensors allow detection of not only the face, but also contours, which allows photo and video manipulation to be negated.
The previous Samsung flagships, the Galaxy S9, Galaxy S9+, and Galaxy Note9, have been tested for this particular exploit before. However, unlike the Samsung Galaxy S10, none of the previous flagships were fooled by a photograph. One angle being looked on is the removed iris scanner from the Galaxy S10, which is still present in the previous flagship models.