When Google introduced the Face Unlock feature in Android 4.0, Ice Cream Sandwich, it was quickly proven to be a failure due to the ease with which you could bypass it using a photograph.
With Android 4.1, Jelly Bean, Google added the option to make the user blink so as to avoid being duped by a simple photograph. But as it turns out, even that can be bypassed by using a digital image of the user and a simple trick using an image editor.
As you will see in the video below, the phone is set up to unlock itself using an image of a person. Then the other guys proceed to find a picture of that person on Facebook, download it and edit it so that it appears that the person’s eyes are closed. Then all you have to do is point the front facing camera at the monitor and then switch between the edited and unedited pictures of the person to fool the phone into thinking that the person is blinking.
The problem here is that you should know whom the phone belongs to to be able to find their picture online, which won’t be possible majority of the time. But once again we see that the Face Unlock method is not fool proof, so it’s best to use a password based unlock method to be safe.