Android 4.0 (code named Ice Cream Sandwich) includes Face Unlock, a feature which, if activated, allows the owner to unlock a device just by presenting his or her face to the device's camera. Cool, right?
Malaysian cell phone blog SoyaCincau posted the following video on youtube which shows that it's possible to use a photograph of the owner's face to unlock the phone.
What's really strange is that this isn't such a difficult problem to solve. There are several ways one can distinguish between a two dimensional inanimate object and a three dimensional living being. Something as trivial as taking several samples of the face over time would show some movement in real people (e.g. eyes blinking) something that photographs don't generally do. Three dimensionality can be discerned by playing with the focus on different areas of the face (most people don't have flat faces).
Now none of these solutions are perfect, but they would prevent the trivial usage of a static two dimensional photograph as shown in the video above. If this video accurately represents reality, Google really messed up here.