Pixel 4 security flaw could put many at risk

Google’s new Pixel 4 devices unlock with just your face. (Photo: Google)

The Pixel 4 and Pixel 4 XL haven’t even been available to consumers for a week and there’s already a huge security flaw in its face unlock system that could grant someone access without the owner knowing.

The Pixel 4 and Pixel 4 XL use a sophisticated array of sensors to authenticate with your face. (Photo: Google)

The Google Pixel devices will launch with a sophisticated authentication system that grants access to the device using only your face. The authentication system incorporates a face unlock camera, Soli radar chip, face unlock Dot Projector, face unlock IR camera and a face unlock Flood Illuminator. But even with all this advanced tech inside, the face unlocking feature works even if your eyes are closed.

This might prove rather risky for many as a person simply has to hold the device up to your face to gain access to your phone. This is bad because if you’re asleep or otherwise not paying attention to your partner, a child or anyone else can gain access to your phone (dangerous if you have something to hide).

The Pixel 4 and Pixel 4 XL started shipping October 24 with a security hole. (Photo: Google)

Google itself has acknowledged the issue on its support page. “Your phone can also be unlocked by someone else if it’s held up to your face, even if your eyes are closed. Keep your phone in a safe place, like your front pocket or handbag.”

Google removed the fingerprint sensor from this year’s devices and face unlocking is the only biometric way in. You can still use passwords or a pin, but those take a lot more time than simply looking the device.

This is strange for a company that talked so much about privacy and security at its “Made by Google 19” event, where the Pixel 4 phones were launched. Apart from the radar system, Google’s face authentication technology is similar to Apple’s Face ID technology.

Face ID debuted on the iPhone X in 2017 and replaced their fingerprint sensors. However, by default, Apple’s implementation requires the user’s attention (by looking directly at the device) for it to unlock. You can disable this feature for more convenience and lose some security. It’s impressive that Apple managed to get it right the first time and introduced a simple and secure way to unlock their devices. iPhone fans are probably snickering now as news of the security flaw in the newly announced Pixel 4 and Pixel 4 XL surfaces.

By default, Apple’s Face ID requires the user’s attention to unlock.

Biometric authentication is often used to securely unlock banking apps and pay for goods, so you can see why Google’s implementation raises eyebrows. There were leaks before the device launched that showed a feature that would require a user’s attention; however, this feature won’t ship with the first set of devices that will start shipping October 24.

To compound the problem, it seems that there’s no timeline for a “fix” to the issue. According to a report by the BBC, Google claims “We will continue to improve Face Unlock over time.”

To combat the security issue, however, Google encourages Pixel 4 users to use “Lockdown” mode. This temporarily disables facial recognition and requires a password or pin to enter.

Google’s implementation is still secure enough to not be fooled by masks or pictures because it creates a 3D map of your face using its sensors, so that’s a plus. But until Google fixes the issue, Pixel 4 users better keep their phones close by.

— Written by Renor C.