back to article Android gets biometric voice unlocking

Google is deploying what it calls Trusted Voice to allow Android users to unlock phones using their voice, according to reports. The feature is filed under the Choc Factory's Smart Unlock feature which sports easier unlock mechanisms like Trusted devices, places, and faces. Once activated, it would allow punters to unlock …

  1. joeW

    My voice is my passport

    Verify me.

    1. Tom Chiverton 1 Silver badge

      Re: My voice is my passport

      ITYM "My, voice. is my. pass port. VeriFY. Meeee.".

      What could possibly go wrong.

      1. Anonymous Coward
        Anonymous Coward

        Re: My voice is my passport

        "What could possibly go wrong.

        Let us see:

        The Google patent

        https://encrypted.google.com/patents/US8402533

        states that remote servers can indeed be a part of the system, in order to allow themselves a broader patent. But Google Voice usually uses Google's remote servers.

        If the Voice Unlock does indeed use Google servers, could the answer to "What could possibly go wrong?" be "Police subpena Google for voice print to unlock suspected criminal's phones during investigations, claiming that user did not have an assumed right of privacy since they always know that voice recognition is serviced by Google network servers"?

        We'll wait for the other shoe to drop with this one.

  2. John H Woods Silver badge

    Pattern unlock (and to some extent PIN) not that secure --- many screens show some residue of the patters. Face unlock is fun gimmick (although I think I need to know why my eldest son can unlock my phone and not my youngest!) but not good enough to secure your phone.

    Who's for an implanted RFID chip?

    +1 for the Tasker ref. You can do other stuff as well - keep the phone unlocked if it is in certain locations (GPS) or if earphones are plugged. Redirect calls from certain numbers (boss? mistress?) if you are at home ... lots of great stuff, with such a good visual scripting interface that you can use it to get (certain sorts of) kids interested in scripting and programming ...

    1. Test Man

      "(although I think I need to know why my eldest son can unlock my phone and not my youngest!)"

      :D

      Ask your wife ;)

    2. big_D Silver badge

      I have a Yubikey Neo NFC to unlock my LastPass safe on my Android devices already. Without master password and Yubikey, no password.

    3. VinceH

      "Who's for an implanted RFID chip?"

      The UK Government (and probably other governments around the world) if they think it'll be a neat alternative to an ID card and would help in the fight against the nasty paedophile terrorist pirates.

    4. Anonymous Coward
      Anonymous Coward

      No implanted RFID chip

      However, here's the use case for a smartwatch, or at least something wearable that includes an RFID with enough range that it can automatically unlock your phone your presence but it instantly locks if it moves more than a couple meters away from you.

      To prevent theft of the phone and wearable item together, the wearable should break the pairing relationship if removed. Ideally the watch can be programmed to 'recognize your wrist', perhaps via chemical secretions in your sweat and the pattern of your pulse at rest, then it can be re-paired with your watch once it is put back while making it and the phone valueless to thieves and coercion useless (no way to reach rest pulse under coercion)

    5. BigFire

      Demolition Man

      A much underrated satire, Demolition Man where they LoJacked every citizen of San Angelos. So the police department figures that their fugitive criminal would be hard press to get any money, since all transaction is based on the biometric chip on the hand. John Spartan is quit put off by this draconic development but added that Simon Phoenix only need to rip off some unfortunate soul's arm to get what he needed.

    6. Anonymous Coward
      Anonymous Coward

      "Pattern unlock (and to some extent PIN) not that secure --- many screens show some residue of the patters."

      That really depends on the length of the patterns/digits. Not that I'd even call it secure by any measure, mine is rather long. Still, copy the encrypted flash to a model system with RAM vice Flash, and have at the decryption. Won't take long.

      As for the RFID chip, well that depends. Personally, I don't find it reassuring that someone might relieve me of it using violent invasive procedures. Just give them an unlocked device and report it stolen. On these devices, it's all Security Theatre as any real measures are still beyond the stock device (e.g. EDS on Android needs root, and yes, it's installed on my tablet but just to annoy whoever might like to see inside).

  3. All names Taken
    Joke

    Why not humans?

    If cows, dogs, cats and ... can get tagged why not humans?

    1. Anonymous Coward
      Anonymous Coward

      Re: Why not humans?

      I've been suspicious that I've actually been tagged since birth. There seems to be something beneath the skin, in the palm of my hand. It's been flashing red for a while now. Anyhoo, can't stick around here, must go out for a run.

      1. AdamT

        Re: Why not humans?

        Me too. Only in my case it's up my nose that flashes red. Anyhoo, just off for a fake trip to mars...

    2. Anonymous Coward
      Anonymous Coward

      Re: Why not humans?

      SOME people consider things like an implanted RFID chip in humans to be the "Mark of the Beast"

    3. Anonymous Coward
      FAIL

      Re: Why not humans?

      In both South Korea and much of South America, people do get RFID locator beacons inserted sub-cutaneously as kidnapping for ransom occur on a regular basis and far to often, even if the ransom is paid, the kidnappers still kill the victim.

  4. Shannon Jacobs
    Holmes

    More erosion of my respect for the google--BAD security

    The fix is obvious, but if they can't implement it yet, then they need to wait on voice authentication. The phone should NOT use the same password, but rather show some random text that you have to read. Not perfect, but at least it would beat the most obvious countermeasure of the recorded login.

    Whatever happened to the non-EVIL and competent google of so few years ago?

    1. Looper
      Facepalm

      Re: More erosion of my respect for the google--BAD security

      "Whatever happened to the non-EVIL and competent google of so few years ago?"

      You have to be joking, right? Since when has Google, the marketeer since birth, been non-EVIL?

  5. Lee D

    Yesterday, our in-house Apple expert discovered that if he says "Call <name>" to his iPhone, that it automatically dials that number and then, when answered, puts the speakerphone on without confirmation or audio feedback. Whether it's locked or not.

    I'm pretty sure there must be an option there somewhere (and if not, disabling that annoying Siri thing), but this kind of stuff is stupid to have the possibility of unless there's a clear indication that the phone is listening. You've only got to enable that option by accident (easily done on a touchscreen in your pocket over time or if you have a co-worker "borrow" your phone) and you can be in trouble.

  6. AMBxx Silver badge
    Mushroom

    Wifi

    Wish they'd stop mucking about and fix the WiFi disconnect problems.

    1. Dan 55 Silver badge

      Re: Wifi

      Disable avoid poor connections and/or wifi optimisation (battery saving), both in advanced wifi options.

      1. AMBxx Silver badge
        Unhappy

        Re: Wifi

        Been there, done that. Still drops.

  7. Def Silver badge
    FAIL

    FFS When will people learn?

    Google warns as much. "Trusted voice is less secure than a pattern, PIN, or password. Someone with a similar voice or a recording of your voice could unlock your device".

    All biometric information is inherently insecure as a "password". It should never be used to unlock or otherwise access anything. Ever.

    If you want to use it, use it as your user name, to which you then enter a password to confirm your identity.

    1. JP19

      Re: FFS When will people learn?

      "All biometric information is inherently insecure as a "password". It should never be used to unlock or otherwise access anything. Ever."

      Google have access to everything on most people's androids without any biometric or password so most people are ignorant or don't care.

      1. Def Silver badge

        Re: FFS When will people learn?

        Google have access to everything on most people's androids without any biometric or password so most people are ignorant or don't care.

        Shit stored on a phone, most people don't care about. But when your phone can be used to access your bank account, or tax information, or anything else which isn't usually stored on a phone, or when banks themselves start accepting that Apple, Google, or Microsoft can be trusted authenticators of a client, then you have a problem.

    2. Harry Kiri
      FAIL

      Re: FFS When will people learn?

      Not true. It depends on the ratio of the intra to inter-variance of the parameter being measured. Finger-prints are unique, but the parameters that measure them are finite. If you can measure accurately a fingerprint, it can be better than a password of some aribitrary complexity. If your fingerprint parameters can only differentiate 10 different prints then you have a problem.

      The issue with speech is the parameters have a lot of intra-variance such that when you speak you map onto other peoples patterns. Its not necessarily that your voice matches, its the parameters that represent the voice that overlap.

      1. Def Silver badge

        Re: FFS When will people learn? @Harry Kiri

        No, the problem here is that you need to be able to distinguish not only one fingerprint from any other, but also one fingerprint from an exact copy of that fingerprint, or a fingerprint from a finger that isn't attached to a hand.

        But even then you're just reinforcing my point. Now that you're 100% certain that that is my fingerprint, how can you be certain that it is me who is holding it? Basically by asking me to prove it by providing additional data that only you and I know.

  8. tony2heads
    WTF?

    voice recognition

    Wod if I hab a cold?

    Can it really cope with the deeper voice that goes with sore throat?

    Can it distinguish between me and a recording?

  9. James 51

    Will if work if yer Scottish? :P. A ring with NFC combined with pattern or pin seems like an obvious combination to enhance login security. Unless you lose the ring...

    1. AdamT
      Coat

      especially if you have multiple devices and you have used the same ring for all of them. Really annoying to have lost the one ring that bound them all...

  10. Yugguy

    Just a pin thanks

    I'll stick with my pin thanks.

    I've disabled all the Google recognition shite on my Z3 anyway.

  11. AceRimmer

    Smart Unlock

    Smart Unlock also works with trusted bluetooth devices.

    Very handy when in the car

  12. The last doughnut

    To all you lot who say that voice recognition isn't secure enough. This is just one of many options available under Android. You pick whichever suits you best. Better to have a weak protection that you use than a strong one that you don't use because of the relative inconvenience.

  13. annodomini2
    Black Helicopters

    Privacy

    For this to work the phone needs to be listening all the time...

    Just saying.

  14. All names Taken
    Paris Hilton

    Human implant...

    ... must be the best way?

    Or maybe even 2 - one for the ear region to automatically unlock voice op phone and one in fingertip for ease into car and all that other personalised stuff in car.

    Why, even the data and metadata might be used by third parties to reduce (increase?) auto insurance.

    Two implants seems better coz think of the loss of usabilities should a finger get cut off - one can still use t'other.

    Maybe the rfid could self destruct if the body organ it was implanted in stopped being so lively?

    Just streaming of conscious stuff thats all.

  15. Anonymous Coward
    Anonymous Coward

    How is this different to Samsung TVs?

    Recording and storing everything you say in their remote servers for their flea marketing / identity theft?

    Or their NSA associates?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022