My wife hacked Android’s security system
Before we get into how to hack Android’s facial recognition system you need to know a little bit about my wife. First of all, she is not what you would call a computer hacker. She is barely what you would call a computer user. She knows how to send messages to her friends on Facebook, and she knows how to go on Pinterest and look at pictures of cute bunny rabbits, but that is all she knows. She literally doesn’t even know what Microsoft Excel is. She knows I show her the budget every month and all the numbers are in little boxes, but she has no idea how it works or that it is called Excel.
I tell you that not to make fun of her, because there are other things that she is good at, but to explain just how little she knows about computers so that you can understand what a big problem it is that somebody like her can get past a security system, and to let you know you definitely should not be using that security system.
How to hack Android’s facial recognition system
I get tired of having to enter my password a dozen times a day to unlock my Android phone or tablet so I decided to play around with using Android’s built in facial recognition system to unlock my tablet instead of a password. How it works is that when you pick your phone up instead of having to enter your password to unlock it you put your face in front of the tablet’s front facing camera, it recognizes you, and it unlocks.
So I let my tablet take several pictures of me to get started and it seemed to be working fine. Then, when my wife wanted to borrow the tablet to look at Pinterest she was annoyed she couldn’t get into the tablet.
“I’ll get onto this tablet” she said as she took my tablet into the bedroom. I laughed at her and told her there was no way somebody who knew as little about computers as her could break into such a well made operating system as Android.
About 15 seconds later she walked out of the bedroom with the tablet unlocked. I couldn’t believe it. “How in the world did you do that?!?” I asked her.
“It was easy, I just took your drivers license and held it up in front of the camera.” she explained. I thought it must have been some kind of glitch so I demanded she do it again to prove it. She went and got my drivers license, held it in front of the camera, and sure enough the tablet popped to life.
Don’t use Android’s facial recognition system
Now this information can be used either for good or evil. Obviously, you could use it for evil by hacking into other people’s phones or tablets, but I am nicely asking you not to do that. I didn’t write this article so you could go snooping around looking at your friend’s old text messages.
I wrote this article as a warning that Android’s facial recognition system should not be considered the least bit secure. If you try to use it, your phone can be accessed by anyone with a photo of you or even access to your Facebook account. Your phone should be encrypted, but you should use the password system which is much more secure.
Improvements have been made, but still don’t use it.
After switching my tablet back to the password system, I did a little more research into the facial recognition system. I discovered that my tablet uses an older version of Android, and newer versions have been improved.
First of all, when you set up the facial recognition system, newer Android versions warns you that it really isn’t very secure. You should take that advice. Secondly, there is a box to check to require you to blink when the photo is taken to prove you are alive and not a photo. It seems to me this box should be checked by default, but it isn’t.
Finally, the facial recognition system gives you much less time to line the photo up than before, making it more difficult to fool your camera. It still isn’t foolproof though, so I think you are best off just not using it.
Dislcaimer: One more time, please don’t use any information you learn from this website for the purposes of evil. Thank you.
“Hacker” photo by Adam Thomas
Bunny photo by starsandspirals