When ‘face unlock’ was released with Ice Cream Sandwich, many quickly noticed that it was easy to bypass the security measure by showing it a photo. Google updated the ‘face unlock’ application when they launched Android 4.1 Jelly Bean last month so that the phone needed to detect a person blinking before it could let them in. However it turns out that this can still be bypassed with a little extra effort.
As the video below shows, the new face unlock in Jelly Bean can be unlocked using an image which appears to be blinking. The way these guys do it is by taking a photo of somebody, then manipulating it to blur the eyes. They then swap between the photos which fools the phone into thinking that somebody just blinked. As they mention, it can also easily be done by having a video of the person blinking, but it’s slightly less likely if you are trying to hack a device which doesn’t belong to you.