Ice Cream Sandwich's Facial Unlock: Security Theater, Not Security-Conscious

Android 4.0 ("Ice Cream Sandwich") sports a new feature which, on the face of it (pun intended), sounds like a handy timesaver. The phone can use a front-facing camera and facial recognition to unlock if it recognizes a given person is holding the phone. It's also ridiculously easy to defeat. Independent tests show it's possible to fool the facial-unlock function by simply holding a picture up in front of the phone.

To be fair, it's not clear that Google ever intended the facial-unlock function to be used as a biometric on the order of a fingerprint or an iris scan. A consumer device is going to get consumer-device-level security, and the quality of such things is always going to lag behind more industrial-strength solutions. All the more reason why, in a BYOD environment, unproven biometrics -- and unproven security measures in general—should be treated with utmost skepticism.

Many kinds of biometrics have become consumer-level technology, which puts them within the reach of an audience that doesn't understand how security works. My notebook has a fingerprint reader, and refuses to boot unless you give it the proper fingerprint (or a PIN). If I'm naive enough to think that alone protects me—and a lot of people do—I get what I deserve. I'd need to add full-disk encryption to that machine to get anything like real protection.

Biometrics -- whether facial recognition or fingerprints—is far from being a gimmick, but it's best thought of as one security element among many. Security pro Bruce Schneier talks about biometrics as being hard to forge, but easy to steal -- and your face is one of the easiest things in the world to steal. Who reading this doesn't have a reasonably good picture of them floating around somewhere in public? Likewise, anyone who can sit at the same dinner table or lunch counter as you can lift your fingerprints without much effort.

It's easy to think of biometric security in a vaguely magical way, and I suspect we've been in the habit of doing that for a long time. In one of Isaac Asimov's science-fiction novels, there's a moment where a character opens a capsule containing a communication that's for his eyes only. The capsule's been programmed to respond not only to his own fingerprints, but his specific way of holding and manipulating objects. The book was written decades before fingerprint readers became commonplace, but the core idea is the same: this will only open for him, and no one else.

There's ways to fix the facial unlock function to make it more useful. Schneier mentions in his piece how fingerprint readers could be programmed to prevent cheating by detecting a pulse or a pore pattern. Facial unlock, likewise, could be reprogrammed to only work if the person winks or smiles—two things a photo definitely can't do.

For those truly concerned about security, biometrics shouldn't be the only key to the door. And biometrics that have no proven track record in the real world shouldn't be anyone's idea of secure—especially not in a BYOD environment.