Jelly Bean’s Face Unlock “Liveness Check” Easily Fooled With Basic Photo Editing

Google took security to the next level in Jelly Bean by integrating a new feature into Face Unlock called “Liveness Check” that requires users to blink, or so they thought. A team of YouTube users have managed to bypass the mandatory check with just a Facebook picture and a few minutes of photo editing.

Simply find a relatively decent image of your mark, import it into a photo editor and then use the paint tools to cover their eyes with the corresponding skin tone. Then just point the Jelly Bean device’s camera at your computer monitor and cycle between the two images as if you were blinking — it’s that easy. You will then gain unrestricted access to the target’s phone.

If you plan on keeping any sensitive data on your smartphone we’d suggest utilizing Google’s pattern or numerical unlock sequences. Don’t rely on Google’s Liveness Check to keep your information secure. As it sits, Face Unlock is more of a gimmick than it is an actual security measure.

AndroidAuthority

Tags: Bypass, face unlock, Hack, Jelly Bean, Liveness Check, Photo Editing, Photoshop

Hoffman 10 pts

I have never seen Face Unlock as a security lock, but as a hands free way of opening the phone, just like the slide to unlock is not meant as a secure password. Who would think that an image would be secure?

share flag

spam
offensive
disagree
off topic

bspitzer 6 pts

Is there a way to only make a password for certain apps? Such as the phone book where most probably have their cc info and other personal info stored. It is too much of a pain to always use a swipe pattern or numerical pattern every time I unlock my phone. That is why almost 3 years into using Android, I still have mine unprotected. Google needs to introduce this before Apple does, then they can tout "increased security with minimal interference with the user experience."

oneillperson 8 pts

bspitzer While it's not integrated into Android yet, there are some apps out there that do that. From my experience, the best is easily Smart App Protector. I've been using it for over a year now and it's a fantastic app.

https://play.google.com/store/apps/details?id=com.sp.protector.free&feature=more_from_developer#?t=W251bGwsMSwxLDEwMiwiY29tLnNwLnByb3RlY3Rvci5mcmVlIl0.

oneillperson , JeanMarc1

Thanks for your input!

JeanMarc1 6 pts

bspitzer I like app lock and its freehttps://play.google.com/store/apps/details?id=com.domobile.applock

JQuest81 89 pts

Man... that seems like a lot of work just to get access to someones phone... In it's defense, in a real life situation where your phone is lost or stolen by a stranger, they would have to know who you are first to find a picture of you to edit to gain access.. so it's not THAT gimmicky... On the flip side, I suppose you could mount the phone or remove the external storage and try to nab a self pic and do the same. Though I (and I'm sure most) would never rely on that feature alone for phone security.

DroidDog Android Blog

Android videos, reviews, RSS, and forums

Navigation

Jelly Bean’s Face Unlock “Liveness Check” Easily Fooled With Basic Photo Editing

PhoneDog

TmoNews

TodaysiPhone

About PhoneDog

PhoneDog Media Family

Company

Popular

Research & Shop