Tuesday, October 22, 2019

Google's Pixel 4 face unlock system: Broken as designed

There's a "bug" in the new Pixel 4 phone, one that lets someone unlock your phone even if you're asleep.  Or, say, the Cops want to see what's on it and you're not cooperating.  The fix will take rewriting the code, and so it will take a while:
When the Pixel 4 ships this week, it will be releasing to consumers with a face-unlock security issue that will apparently stick around for some time. Unlike the iPhone's FaceID (and Google's earlier face-unlock system on Android 4.1), the Pixel 4's face unlock doesn't look for the user's eyes, so the phone could be pointed at a sleeping or unconscious owner and unlocked without their consent. This weekend, Google said in a statement that a fix "will be delivered in a software update in the coming months."
What this means is that the design of the system never considered that someone might not want their phone unlocked when they're sleeping.  That speaks volumes to how much Google values your privacy.

Here's a security ProTip: Don't ever ever ever use face recognition or fingerprint reading to unlock your phone.  Unless you want this sort of thing to happen to you.

Here's a second security ProTip: Don't ever buy a phone from Google.

1 comment:

SiGraybeard said...

Another Pro Tip: don't use anything Google provides.

Says a guy using a Google email and blogger profile.