RealAI Demonstrates 15‑Minute Adversarial Attack on Android Face‑Unlock Using Custom Glasses

Researchers from RealAI have revealed a new face‑recognition vulnerability: using a custom‑made pair of glasses, they were able to unlock the face‑unlock feature of every tested Android phone in under 15 minutes.

Unlike the old trick of holding a photo up to the front camera, this method employs an AI algorithm to generate a unique interference pattern that, when printed on a transparent overlay and attached to a pair of glasses, tricks the device’s neural network into accepting the attacker’s face.

The required tools are commonplace—a printer, an A4 sheet, and a glasses frame. The algorithm creates a special pattern based on the victim’s eye region, which is printed, cut to the shape of glasses, and affixed to the frame.

In the experiment, 20 devices were selected (19 Android models spanning low‑end to flagship, plus one iPhone 11 as a control). The same face data was enrolled on all phones, and the custom glasses were applied.

Results showed that every Android device, regardless of brand or price tier, was unlocked instantly; only the iPhone 11 remained unaffected.

This demonstrates that any device employing facial recognition is potentially exploitable, posing significant privacy and financial risks if the technique becomes widely available.

The attack leverages adversarial samples: the AI computes a perturbation that maximizes similarity between the victim’s eye image and the generated pattern, ensuring the model misclassifies the attacker’s face as the legitimate user.

Historical context shows that adversarial attacks have existed since at least 2019, with earlier work causing misrecognition but not full unlocking. RealAI’s breakthrough is the practical, real‑world exploitation of the vulnerability.

The researchers warn that if the algorithm were open‑sourced, a single photo of a target could enable anyone to craft a functional attack tool, creating new security challenges for enterprises.