Skip to main content

Samsung’s Galaxy S9 face scan trying to keep up with Face ID and failing, say security researchers

It seems that it’s not just in benchmarks that Samsung’s new flagship Galaxy S9 is failing to keep up with the iPhone – the same seems to be true of its new Intelligent Scan face unlock system …

Samsung’s early attempts at face-recognition were embarrassingly bad. Both the Galaxy S8 and Note 8 were quickly shown to be defeated by photos and video. The company even tacitly admitted the security failings by not allowing face-recognition to be used for its Apple Pay competitor, Samsung Pay.

While Samsung is touting what is ostensibly a smarter version of face unlock in the Galaxy S9, it seems the system is simply faster, rather than more secure.

CNET reports that the S9 appears to first try the same low-security 2D face recognition system used in earlier devices, then attempt an iris scan if that doesn’t work, and finally combine the two if neither is successful on its own. The result is that unlock is quicker and more reliable, but no more secure.

One security researcher believes Samsung was trying to match the speed, rather than security, of Face ID.

“They want to provide some level of security but also make it easy and effective for you to get into the phone,” said Andrew Blaich, a researcher with mobile security company Lookout. “This is probably trying to play catchup with how smooth the user experience is for the iPhone.”

The security researcher who successfully defeated the iris scanner in the Galaxy S8 says he can’t even see the sport in doing it again with the S9.

Jan Krissler, a security researcher known as “Starbug” with the hacking group Computer Chaos Club, exposed the Galaxy S8’s weaknesses last May when he fooled Iris Scan with a photo and contact lens. He said his group’s not interested in trying to crack Intelligent Scan if there’s nothing new.

“There is no fun in hacking just a new release of the same system,” Krissler said in an email.

And Samsung, once again, doesn’t allow Intelligent Scan to be used with Samsung Pay, seemingly confirming its own view of the level of security offered.


Check out 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear