Samsung can’t catch a break.
First the company had a high-profile publicity problem with its exploding Note 7 smartphone. Now the company’s follow-up device, the Galaxy S8, has recently proven vulnerable to a security flaw despite touting, uh, security as one of the new phone’s strongest features.
The S8 makes use of iris scanners and facial recognition technology so that users can unlock their phones just by looking at them. At the phone’s launch event, Samsung’s Senior Vice President of Product Strategy Justin Denison called it “the most secure form of biometric security we have ever created.”
But all it took was one Twitter user to prove him wrong.
The S8 is not formally available to the public yet, but @MarcianoTech got his hands on one of the new devices at the New York launch event. He successfully tricks this facial recognition feature in a live Periscope video, taking a selfie on one phone, then holding the image up to the S8’s sensors, suggesting that anyone with a picture of your face could gain access to your phone without your consent.
Importantly, the S8 (and larger sister-phone S8+) won’t be available for purchase until April 21, so this problem could still be fixed. It’s also likely that the demo phones at the launch event weren’t loaded with the finalized version of their software. In a response to the story, Samsung told Business Insider, “Facial recognition is a convenient action to open your phone — similar to the ‘swipe to unlock’ action. We offer the highest level of biometric authentication — fingerprint and iris — to lock your phone and authenticate access to Samsung Pay or Secure Folder.” The hacking action starts at 6:20 in the video.
— MARCIANOTECH (@MARCIANOPHONE) March 29, 2017