Beware: Galaxy S10's Facial Recognition Easily Fooled with a Photo

The new Samsung Galaxy S10’s facial recognition is pretty terrible and can be easily fooled. It’s not surprising, because it doesn’t have the necessary hardware to make it as secure as Apple’s FaceID.

Credit: Tom's Guide

(Image credit: Tom's Guide)

While the iPhone X series uses dual cameras and infrared sensors to obtain a true three-dimensional map of your face, the new Samsung Galaxy S10 models don’t. They only have a single or two cameras. And like some people have discovered, that’s not enough to secure your phone with your face.

In a Twitter thread, Jane Manchun Wong describes how she was able to fool her brother’s Galaxy S10+ using her face. Despite being siblings, they don’t look alike:

Jane Manchun Wong

Jane Manchun Wong

“I unlocked my brother’s Galaxy S10+ with my face,” Manchun Wong claims in the thread. She says that her brother was showing off her S10+ during dinner when they discovered that the phone could be unlocked with his face even if his eyes were closed. Then she tried it with her own face and the phone unlocked again.

On YouTube, Unbox Therapy provides with a demonstration about how easy it is to fool using an old video of himself.

In the video you can see that you only have to put another phone playing a video of the S10’s owner face to unlock the phone. It will work the same with photos too, something that anyone can get from social media.

Again, this is not surprising. Samsung itself warns that their version of facial identification is not as secure as their ultrasonic fingerprint ID, which is built into the S10’s display. Their tech is not built to 3D scan a user’s face, so you can fool it with a 2D image.

Turn off Fast Facial Recognition for better security

We have tested this issue at Tom’s Guide’s offices and, indeed, you can fool the facial recognition easily with just a plain photo. But if you turn Fast Recognition off, we haven’t been able to unlock the S10 Plus with a photo. It's maybe half a second slower to log in with fast recognition toggled off--if that--but it's hardly noticeable.

More important, turning this default setting off doesn’t leave your phone wide open for access by unauthorized people.

Still, just in case, remember that facial ID is still a (lousy) party trick in Samsung phones, despite having two cameras in the S10 Plus. Just as it is in other Android brands. Keep using your fingerprint ID (with the adequate screen protector) or passcode.

Jesus Diaz

Jesus Diaz founded the new Sploid for Gawker Media after seven years working at Gizmodo, where he helmed the lost-in-a-bar iPhone 4 story and wrote old angry man rants, among other things. He's a creative director, screenwriter, and producer at The Magic Sauce, and currently writes for Fast Company and Tom's Guide.