Pixel 4, announced recently by Google, has a new biometric feature — well, new to Google, at least — unlock face. Like most modern biometric systems, it means that we are likely to write about security flaws in its implementation, and the first one has already appeared before even the phone is out. You don’t need to open your eyes to work in order to access the face of the Pixel 4. The vulnerability was first revealed by the engineering journalist of the BBC, Chris Fox, who was able to unlock face to work with their eyes closed on several men.
— Chris Fox (@thisisFoxx) October 15, 2019
Google seems to be aware of the problem, noting on a Pixel 4 help page that: “Your mobile can also be unlocked by someone else if it is held up to your face, even if your eyes are closed. Keep your phone in a safe place, like your front pocket or handbag.”
Apple’s equivalent technology, Face ID on the iPhone X, iPhone XS, iPhone XR and iPhone 11 series, Face ID, requires users to open their eyes to unlock the phone, and it’s quite clear why this is the case once you start thinking through it.