The new face unlock sensor on Google’s Pixel 4 smartphone has a glaring security problem: people discovered they could unlock it with their eyes closed.
This shouldn’t be possible, and raises the specter of, for example, someone taking your phone when you sleep to access sensitive functions. It’s all the more dangerous because fingerprint authentication was removed for the new generation.
Face unlock, which unlocks the screen when the user points the camera at his face, is nothing new. It’s now a primary feature of Apple’s iPhone, and Android had the option to unlock the display using just the camera a few years ago. But the camera alone is not enough for effective biometric authentication, and other sensors are needed.
“Face images are used to create a model of your face, and that model is stored in Pixel’s security chip on the device. No images or face models are ever sent to Google. The face images aren’t stored,” according to the official website. “When you enroll in Pixel face unlock, the face models are used solely for face unlock. Your face model doesn’t go to any other Google services or apps.”
What aggravates the situation is that face unlock has other, more critical uses, such as confirming payments and signing into apps.
According to a BBC report, Google won’t fix the problem before the Pixel 4 launch, which is scheduled for October 24. But the company said it will continue to improve the product after launch and, since the ability to unlock the phone with eyes closed is a major security omission, the fix might come sooner than later.