The Pixel 4 and Pixel 4 XL aren’t even available yet and there’s a serious security flaw been discovered in the way their super-fast Face Unlock feature works.
As the BBC reports, it’s possible to unlock either of Google’s new Pixel smartphones with your face even if your eyes are closed. It means there’s a chance someone else could unlock your Pixel 4 while you sleep, or worse.
Here’s proof courtesy of BBC technology reporter Chris Fox:
— Chris Fox (@thisisFoxx) October 15, 2019
Google has confirmed Face Unlock works when your eyes are closed, explaining, “Pixel 4 Face Unlock meets the security requirements as a strong biometric.”
Is it a strong biometric security solution, though? Well, you can argue that for an unauthorized person to unlock your phone they’d have to gain access to it and unlock it while you sleep, which is an unlikely situation (unless it’s a family member). However, the much more sinister version of that is a thief knocks you unconscious, grabs your Pixel 4, and unlocks it with your face.
Th eyes closed unlock also counts as a negative when comparing the Pixel 4 to the iPhone 11 as Apple requires by default that your eyes are open for Face ID to work.
On Google’s support site it’s clearly stated that your Pixel 4 can, “be unlocked by someone else if it’s held up to your face, even if your eyes are closed.” The solution offered if you are concerned by this is to turn on lockdown, which essentially disables face recognition on your device. Surely a better solution would be to update Face Unlock to require your eyes are open?
It’s not just Google that’s being highlighted this week for a security fail, Samsung is also in the spotlight after it was discovered the Galaxy S10’s fingerprint scanner can be beaten with a cheap screen protector.