Android ICS Face Unlock can be Hacked Easily

The list of features in Ice Cream Sandwich excited me, especially the changes towards easing multitasking, the powerful in-camera functions like live editing, single-motion-panaroma, the NFC Android Beam, and a few more. However, the first thought that flashed my mind when I heard about the Face Unlock feature was if a photo could be used to unlock your phone.

Several people wondered this, and the only statement from someone at Google I could find was in this tweet from Tim Bray: "Nope. Give us some credit". A terse statement that does not explain much, but isn't brevity Twitter's USP?

Image sourced from here

Maybe Android 4.0 could distinguish if the face it is trying to identify is a real person or a photo by reading it a few times in quick succession to look for facial expressions, assuming a real person may not be able to remain exactly still like a photo. However, this is not difficult to hack into either. Perhaps a short video, or even an animated gif could help grant access to your phone.

Google says this is "a completely new approach to securing a device, making it even more personal". While it may make your device more personal, I do not see how does this make it more secure. Or how can it ever be more secure than the traditional password or pattern-drawing mechanisms, unless used in combination with one of these.

Unless, Ice Cream Sandwich does an iris scan while registering the user's face, which may need precise positioning of the eyes and may not instantly unlock your phone.

I shudder at the thought of someone using my photo/video to unlock my unattended phone and access/misuse data from my always-logged-in Google account or impersonate me on Facebook and Twitter. Think about Google's own Wallet.