Feeds

New Android plan: Gurn at your phone to unlock it

'No, mine's an iPhone. This is actually how I look'

SANS - Survey on application security programs

Google has filed a patent for a new method for controlling computers and other devices by pulling funny faces.

In the future, Chocolate Factory fans might be able to unlock their gizmos by sticking out their tongue, rather than by having to remember passwords, according to a new patent.

Android users can currently use a system called Face Unlock to access their phones, but the new tech purports to be more reliable because it can't be fooled by photographs. Google introduced a system called "liveness" last year which requires users to flutter their eyelashes to prove they are alive and not just a photo, but researchers managed to fool it using image editing software to create a photo that appears to show the subject blinking. All a hacker would need to do is show the original photograph followed by the edited one.

The new patent includes aspects of this research, but goes further by introducing a range of gestures, including smiling with the mouth open, frowning and wrinkling the forehead or nose. It also recognises when a person does a "tongue protrusion".

The system would be more effective, because it could ask for any of the gestures, raising the prospect that anyone looking to send a text on their mobe would have to spend goodness-knows how long pulling silly faces in public before being allowed to send it.

Like the current Liveness tech, Google's new facial recognition software would take two photographs of an individual and then compare them using details on "facial landmarks" from each snap. These images could then be analysed to make sure that the person in front of the camera had pulled the correct expression.

Other "anti-spoofing" systems introduced in the patent could send light beams towards the subject, which are then detected when they reflect off the cornea. The exact colour of the light could be different each time, ensuring that access is not granted to someone waving a photo around.

However, facial recognition software is not an entirely reliable way of securing your telephone or computer just yet.

"The problem with biometrics in the past has been that you have always been able to find a way to work round the requests to deliver what's needed," Prof Alan Woodward, chief technology officer at the consultancy Charteris, said in an interview.

"It sounds like Google is thinking about how try and counter this with randomness and movement.

"But there's a long way between writing a patent about an idea and delivering it as a reliable security measure. I would expect people will still use traditional passwords for some time to come."

A Google spokeperson said that some ideas "later mature into real products or services, some don't".

"Prospective product announcements should not necessarily be inferred from our patent applications," he added.

It wasn't clear how the system might work on one well-known Android platform, the wearable computer Google Glass. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.