The new face unlock sensor on Google’s Pixel 4 smartphone
has a glaring security problem: people discovered they could unlock it with
their eyes closed.
This shouldn’t be possible, and raises the specter of,
for example, someone taking your phone when you sleep to access sensitive
functions. It’s all the more dangerous because fingerprint authentication was
removed for the new generation.
Face unlock, which unlocks the screen when the user
points the camera at his face, is nothing new. It’s now a primary feature of
Apple’s iPhone, and Android had the option to unlock the display using just the
camera a few years ago. But the camera alone is not enough for effective
biometric authentication, and other sensors are needed.
“Face images are used to create a model of your face, and
that model is stored in Pixel’s security chip on the device. No images or face
models are ever sent to Google. The face images aren’t stored,” according to
the official website.
“When you enroll in Pixel face unlock, the face models are used solely for face
unlock. Your face model doesn’t go to any other Google services or apps.”
What aggravates the situation is that face unlock has
other, more critical uses, such as confirming payments and signing into apps.
According to a BBC report, Google won’t
fix the problem before the Pixel 4 launch, which is scheduled for October 24.
But the company said it will continue to improve the product after launch and,
since the ability to unlock the phone with eyes closed is a major security
omission, the fix might come sooner than later.