However the video is quite clear about the method used, and there's enough stuff within that either shows amazing attention to detail for trolls, or a legitimate way to fool the S8's iris scanner.
The exploit uses the following components. First of all you need a camera that can capture infrared light. In the video an old Sony camera is used, these models had a nightshot mode that allowed you to capture images using the same sort of tech as night vision goggles. Once you've got a good photo of the user's eyes, you can then print that out using a laser printer. In the video they use a Samsung printer, which feels like rubbing salt in the wound somewhat.
The printout needs to be a specific size because the next step requires you place a contact lens over the image. According to the group that discovered this workaround, this gives the iris scanner the curvature it's expecting from a real eye, while you present it with a flat, 2D image.
I don't currently have the equipment needed to duplicate this process, so I can't confirm if it works as suggested. Naturally, I asked Samsung if it could take a look at the video and either confirm that it was a hoax, or look into the matter and get back to me. A spokesperson replied:
"We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue."
That doesn't exactly suggest that the video is a hoax. It may also suggest that Samsung will be able to make changes to the software that might make this harder to use in future.
So what then? Well, obviously the security of both iris scans and fingerprints can be circumvented. In reality, for most people, it's not an issue. You don't tend to let others near your phone unattended so they would be unlikely to break in. Secondly, you might be suspicious about someone taking a photo with an ageing Sony camera
That said quite a lot of cameras can be modified to have their IR filter removed. This might not be entirely obvious to the person having their photo taken. So if someone has a good IR photo of you and access to your phone then they may well be able to get in. This doesn't mean that your phone is unprotected from the sort of casual unauthorised access we are all most worried about.
If security is important, the best advice is always to stick with a good passcode on your phone and device encryption. For most of us the risks are low enough here to ignore the problem. That might, or might not be wise but biometrics do at least offer some form of security that's low impact and reasonably secure.
Will Samsung be able to surprise us at all with the Galaxy S7 this year? Last year, the company threw us for a loop with its beautiful Galaxy S6 edge but this year all the leaks indicate that the Galaxy S7 and Galaxy S7 edge will be pretty much what we expect them to be.
5 years, 10 months ago
Just days after the Nasdaq broke 5,000 for the first time since 2000, billionaire entrepreneur Mark Cuban has thrown cold water on the most recent tech boom with a blog post arguing that this one is more fragile than the last.
6 years, 8 months ago
Hewlett-Packard said it would split into two listed companies, separating its computer and printer businesses from its faster-growing corporate hardware and services operations, and eliminate another 5,000 jobs as part of its turnaround plan.
7 years, 1 month ago
“I can see all of the devices in your home and I think I can control them,” I said to Thomas Hatley, a complete stranger in Oregon who I had rudely awoken with an early phone call on a Thursday morning.
8 years, 4 months ago