Ice Cream Sandwich facial recognition cracked

The ink on the Galaxy Nexus hero-phone design is barely dry, and a flaw has already been found in the flagship facial recognition feature of Google's Android 4.0 'Ice Cream Sandwich' operating system: it can't tell the difference between a person and a photo.

When Google was showing off its new Samsung-built Galaxy Nexus S smartphone, one of the features it was most proud of was the facial recognition: instead of an awkward-to-type PIN or password, or a follow-the-smudges unlock pattern, users are able to peer at the front-facing camera on the device to have their smartphones recognise their fizzogs and unlock automatically.

It's a neat trick, but one that is of more use in preventing pocket dials than providing security: it appears that the feature struggles to work out whether you're a real person or a simple printout.

Tests using a Galaxy Nexus S show that once a face has been registered, the smartphone can be unlocked using another phone with a photo of the owner on it - or even a poor quality printout of an image on paper.

The flaw stems from the fact that the front-facing camera on all Android devices is a simple 2D system that takes flat images. Without a secondary lens to provide depth perception, it has no way of working out whether the image in front of it is a real person or a flat representation thereof.

It's a problem that Google could work to address - asking the user to smile, or frown, would provide interactivity that a still image couldn't reproduce, for example - but for now it seems that the security conscious will have to stick with a passcode when they get their shiny new Galaxy Nexus handsets.

Below is a video from SoyaCincau TV on YouTube demonstrating the issue, with the Galaxy Nexus in question having been trained to recognise the operator's face but falling for a picture to unlock. "While some of you think that it is a trick and I had set the Galaxy Nexus up to recognise the picture," the videographer notes, "I assure you that the device was set up to recognise my face."