Update: While some suggested this might just be a demo mode thing, that approves anything vaguely resembling a face, CNET confirmed on its review unit that the device is indeed fooled by photos.
We tried it on our own Note 8, and sure enough, it’s still possible to fool it with a flat photo. A Samsung rep tells CNET that the company’s guidance: You’ll want to use the fingerprint sensor or iris scanner for security, and should view facial recognition as a convenient alternative to the simple swipe-to-unlock gesture.
While Apple’s detractors often criticise Apple for hyping features already seen in competitor devices, the Cupertino company doesn’t just follow the market. In particular, it tends to assess which features do and don’t make sense, and then aim to make the best possible version of the ones that do.
The sense of this approach appears to have again been illustrated by not just one but two Samsung devices …
It’s widely expected that the iPhone 8/Edition will launch without Touch ID, relying instead on face-recognition not just to unlock the device, but also to authorize Apple Pay transactions.
I expressed skepticism about this when it was first suggested, as it would mean Apple having a huge level of confidence in a completely new form of payment confirmation.
Yes, I’m quite happy to accept that Apple could have developed an infrared face-recognition system that’s good enough to be used to unlock the phone. But Apple Pay has been sold to banks and retailers on the basis of the proven security of Touch ID. Swapping this out for a completely new and unproven face-recognition system would be, at the very least, controversial. I’d expect some searching questions to be asked by banks and merchants alike.
That doubt wasn’t helped by the fact that the face recognition systems employed by companies like Samsung have been laughable.
When Samsung announced it in the Galaxy S8 smartphone, for example, it was quickly demonstrated that the device could be fooled by a photo. The company even tacitly admitted that the security offered by its facial recognition system wasn’t very good by stating that it could not be used for Samsung Pay.
It now seems that the face-recognition system used in its latest phablet, the Note 8, is no better. Web developer Mel Tajon was able to unlock the device using a selfie taken on his own phone. More worryingly, he was even able to do it using people’s Facebook profile pics. He tweeted a video of the process.
There is not the slightest possibility that Apple would ever release a face-recognition system that could be so easily defeated, even if it were only used to unlock the phone. With all the signs pointing to it being used for Apple Pay too, we can be extremely confident that the version used in the iPhone 8 will be extremely secure.
I wouldn’t expect Apple to call out Samsung by name during next week’s keynote, but I wouldn’t be surprised to hear an oblique reference to the security (or lack of same) of certain other systems out there – along with a lot of talk about just how the Cupertino company has made its system secure.