Latest Android OS Upgrade Leaves Users Vulnerable to Attack by Weeping Angels
Published on: 30th Jun 2012
Note -- this news article is more than a year old.
By: Ian Mansfield
Google has removed a security flaw which was more theoretical than practical but one that has amused people ever since it appeared.
When the Android 4.0 software was released, it included the ability to unlock a smartphone by using the front facing camera to recognise the face of the user.
However, it quickly turned out that there was a flaw in system in that a miscreant could hold up a photo of the smartphone owner -- or in some macabre versions of the story, the decapitated head of the owner -- in front of the camera, and it would accept that as proof that the owner was holding the phone.
Now, with the latest upgrade, the owner is expected to blink as well.
Unfortunately, the requirement for the user to blink to unlock it, makes the latest Android smartphones totally useless when fighting a particularly famous Dr Who villain, the Weeping Angels, against whom the only defence is to "don't blink".
The 4.1 Jelly Bean upgrade comes with a "Liveness Check" option which recognises the users face, then asks them to blink once to prove they are alive, or not a photo.
It is still theoretically possible that someone could have a video screen and show that to the handset, but in reality, we are getting to the point that if someone was that desperate to break into the handset there are easier ways of doing so.
Issues with the level of life in the user of biometric identifications is not a new one. When fingerprint scanners were developed, there were concerns that it would lead to hands being chopped off.
Now, there are fingerprint scanners that also check for warmth and some level of blood flow in the finger before unlocking the device.
On the web: XDA Forums