Security Flaws on Samsung and Google Phones Cause “Biometric Headache”

by: The Knowledge Group

October 21, 2019


The whole point of biometric security features are in their inherent uniqueness, it’s almost impossible to break. Much of said uniqueness is based on a biological feature only the individual user has, such as a fingerprint or an eye pupil pattern. However, while some of the big smartphone providers such as Google, Samsung, and Apple are all touting integration of such security benefits in their devices, the actual systems are not as secure as expected.

The Google Pixel 4 Face Unlock feature is circumvented by simply providing a user’s face feature with one’s eyes closed. Apparently, the formula on the phone expects one’s eyes to be open and did not account for a closed eye situation, such as when the person is asleep. As a result, the logic of the program seems to default to an “unlock” setting as a result. An update was provided on the Google system that could be toggled to require the user to be awake but it could still be bypassed.

Interestingly, Google isn’t the only one struggling with implementing the biometric feature. The Samsung S10 was advertised with a thumbprint lock feature that again was advertised to provide very unique security protection. Unfortunately, in practice, the security feature could be bypassed by anyone’s thumbprint being provided. Samsung acknowledged this flaw exists and focused the cause on screen protectors. The technology of fingerprint recognition works on a program that measures the gaps of air between thumbprint ridges. The protector film creates a flaw unanticipated in the programming code, and the phone then defaults to an open setting as a result, bypassing the security feature entirely. Actual users first found the problem and, once reported, were expected to be addressed in a system patch from Samsung.

Both companies have made statements that implementing biometric security is a new frontier in tech security and will evolve, but it would be reasonable to expect when launched in a consumer product the feature is tested sufficiently before being marketed as such.