Major Security Flaw — Google Pixel 4’s Face Unlock Works Even if Your Eyes are Closed

Major Security Flaw — Google Pixel 4’s Face Unlock Works Even if Your Eyes are Closed

Recently, Google launched its latest Pixel 4 series smartphones. It hasn't even arrived yet and someone has already found a major security flaw in the device. Google Pixel 4's Face Unlock works even if your eyes are closed and it's a major security flaw. This can be a problem as it can allow for unauthorized access if the person is asleep or even dead in more extreme cases.

It is a serious privacy concern because it allows attackers to easily gain access to a person's device without their permission. Someone could easily open it just by holding up to the owner's face when the owner is asleep.

Now, unauthorized access into a Google Pixel 4 phone is a constant concern for those who will buy one.

According to the BBC reporter, Chris Fox, the Google Pixel's Face Unlock feature works even if a user's eyes are closed, a clear security risk for anyone with a Pixel 4. Using default settings, users who are asleep or even dead could unknowingly unlock their phones for others. Chris Fox tweeted a video on twitter as proof for the flaw. He also tried this with different users and the same thing happened.
At Google Pixel 4 series launch, Pixel product manager, Sherry Lin said that there are actually only two face unlock solutions that meet the bar for being super-secure  it's ours and Apple's. However, This shows that Google Pixel 4's Face Unlock feature is actually a step back from Apple's Face ID.

Google was so sure of its Face Unlock's strength that it removed fingerprint sensors from the latest Pixel 4 series, leaving its brand new facial recognition system as the only biometrics authentication system available on the device. Google also claims that Pixel 4's Face Unlock is one of the most secure Face Unlock solutions that you can authorize payments and log in to apps with it.

Because both Pixel 4 and Pixel 4 XL use a unique technology that Google calls Project Soli. It is a mini radar chip that can identify a face in 3D, finger movements, hand gestures, and even body movements. It is technically better than Apple's Face ID mechanism but Google's implementation of the Soli chip inside Pixel 4 and the Pixel 4 XL is not good enough.

Ideally, a smartphone shouldn't unlock when its registered user has closed their eyes or when they are dead.

And For that Google Pixel 4 series must have a "Require eye to be open" feature on the device. Here, is why it is important. If someone looking to get into a Pixel 4, grabs the device and puts it up to the owner's face when the owner is asleep, it will unlock. It is worth noting that Apple also has similar technology for its face ID system on the iPhone X and its latest iPhone 11 models. But it required people's eyes to be open in order to work. This allows a person to keep his eyes closed in order to prevent his iPhone X and iPad 11 models from being unlocked against his will.

But Google reportedly told BBC News that "Require eye to be open" would not feature on Pixel series when it goes on sale, on 24 October 2019. So, It is a constant cause of concern for those who will buy one.

Major Security Flaw — Google Pixel 4’s Face Unlock Works Even if Your Eyes are Closed

Google seems to be aware of the problem, stating on a Pixel 4 help page that Your phone can also be unlocked by someone else if it's held up to your face, even if your eyes are closed. Google encourages users to keep their phones in a safe place like your front pocket or handbag to reduce the likelihood of these events.

Major Security Flaw — Google Pixel 4’s Face Unlock Works Even if Your Eyes are Closed

There is no option to stop the phone from unlocking when the user's eyes are closed. However, Google said that it will continue improving the Face Unlock feature on Pixel 4 and Pixel 4 XL in the future, which gives us hopes that the missing option will be released with a software update. However, it is laughable that a huge tech brand like Google missed out on such a basic aspect of device security.

Google also says that in case the users are worried and want enhanced security then they can always turn on the "Lockdown" feature (Settings > Display > Advance > Lock Screen Display > Enable the Show Lockdown Option) to disable Face Unlock and force device owners to unlock their device by using a PIN, password or pattern every day before taking a nap or going to sleep.

Over the past couple of years, Face Unlock has become a huge part of our smartphone experience. But most Android smartphone makers have so far selected a less expensive and less secure Face Unlock technology. So, it was exciting to see Google's own version of Face Unlock security strength. But it turns out that Google's Face Unlock also has a major security flaw.

Biometrics is great when they work, but they are not the best way to secure your phone on their own. A strong passcode is still more secure than any biometrics at least for now.

I hope you find useful information in this article. If you have any questions related to Google Pixel 4's Face Unlock security flaw then please mention in the comments section and I will get back to you and stay tuned with my blog to learn interesting things related to cybersecurity and hacking.

No comments:

Powered by Blogger.