October 24, 2014

Face unlock can be Pwned even on Android 4.1 (Jelly Bean), Check out how to

Android introduced Face unlock in Ice Cream Sandwich and it was a sell-out, people showed off their unlocking methods to non-ICS users. ICS was feature-packed with more than this.

However, there were reports that Face Unlock can be hacked even with a Photo, just place the photo of the person in front of the phone, instead of a real person an it locks the phone, HUGE vulnerability.

face-unlock-hacked-pwnedBasically Google used a proprietary algorithm to discover certain elements of the face and stores it in a database, when the unlock is triggered, it takes the same aspects in to consideration and if a match is found, it unlocks the phone, this could be pwned by a photo too, there was no need of the ‘liveliness’ of a person.

Google didn’t release a patch for it in ICS BUT released a huge update in its next Android, Jelly Bean, where the users had to BLINK their eye in-order to unlock the phone, if they’ve Face unlock-enabled it. Simple but effective change right! WRONG

This was also fooled easily. All you need is some Photoshop skills, well, even MS Paint, Gimp skills will do ;)

How to do it?

1. Get the picture of the owner, Facebook is your best friend of this

2. Select the eye part and replace its color with the skin color

3. Use a pen tool and draw a slightly curved horizontal line(eye lash) to simulate the eyes being closed

4. Switch between two images will render the Blinking function.

Check out the video, that might clear the picture.

We’re hoping Google gets Retina Scans in the future versions of Android ;)

The DNetWorks Team

Article Tags

Related Posts

Shared on ariyan.org