- Pixel 4’s face unlock can be abused for data theft or stealing money
- Google Pixel 4 won’t ship with any additional security layer to avert it
- Earlier leaks showed an option to keep eyes open for face unlock to work
Google Pixel 4 is fresh out of the oven with dedicated hardware for face unlock, something Google claims is a fast and accurate method of authentication with a motion detection feature added for convenience. But it appears that face unlock protocol on the Pixel 4 has a major flaw, as it can unlock the phone even if users are not looking at it or their eyes are closed. This security scare is not just a bug that early Pixel 4 users have discovered. Instead, Google itself has warned users that their Pixel 4 can be unlocked even when their eyes are closed or if someone holds it in their face without them knowing.
The Pixel 4’s thick top bezel houses dual face unlock IR cameras, flood illuminator, dot projector, a front-facing camera, and the Soli radar chip – all of which work in tandem to recognise facial data for authentication. But the purpose of having such hardware comes into question when it can unlock the phone even if the eyes are closed. The most obvious misuse scenario is that someone else can hold the Pixel 4 in front of the owners’ face while they are sleeping and unlock the phone, leading to catastrophes such as data theft or even rob them via banking apps secured by the face unlock protocol.
BBC’s Chris Fox demonstrated this Pixel 4 face unlock flaw in a clip shared on Twitter, where the phone can be seen unlocking itself by just holding in front of his face despite his eyes being closed. The same was replicated on a few other people too. And if you think that Google is going to patch this security flaw by adding an option that requires users to keep their eyes open for authentication, that unfortunately doesn’t appear to be part of the company’s plans. Google has reportedly told BBC that this is how the face unlock feature will function when the Pixel 4 goes on sale.
And this is what Google’s support page says: “Your phone can also be unlocked by someone else if it’s held up to your face, even if your eyes are closed. Keep your phone in a safe place, like your front pocket or handbag”. Another tip from Google says that Pixel 4 can unlock itself even when users don’t intend to do so.
To avert any security mishaps, Google suggests that users enable the lockdown mode (Settings > Display > Advance > Lock Screen Display > Show lockdown option) every time they feel concerned. So basically, you have a phone that comes equipped with advanced hardware, but it can easily be taken advantage of. And in case you are worried, you have to go through the hassle of activating lockdown mode on the Google Pixel 4 every day before taking a nap or going to sleep.
Interestingly, when hands-on images of Google Pixel 4 surfaced online last month, the images showed a toggle that can be enabled to make it mandatory for users to keep their eyes open for face unlock to work. Google claims that the “Pixel 4 Face Unlock meets the security requirements as a strong biometric”, and that it one of the most secure face unlock solutions out there, but the sheer ease with which it can be exploited is a major concern.