Doing Business | IT & Technologies

May 25, 2017

Samsung Galaxy S8 Iris Scanner Hacked In Three Simple Steps

A video showing how to defeat Samsung's iris scanner has appeared online. It seems almost implausible that this would be enough to get around security that Samsung claims is 100 times more secure than fingerprints.
Samsung Galaxy S8 Iris scanner

Samsung Galaxy S8 Iris scanner

However the video is quite clear about the method used, and there's enough stuff within that either shows amazing attention to detail for trolls, or a legitimate way to fool the S8's iris scanner.

The exploit uses the following components. First of all you need a camera that can capture infrared light. In the video an old Sony camera is used, these models had a nightshot mode that allowed you to capture images using the same sort of tech as night vision goggles. Once you've got a good photo of the user's eyes, you can then print that out using a laser printer. In the video they use a Samsung printer, which feels like rubbing salt in the wound somewhat.

The printout needs to be a specific size because the next step requires you place a contact lens over the image. According to the group that discovered this workaround, this gives the iris scanner the curvature it's expecting from a real eye, while you present it with a flat, 2D image.

I don't currently have the equipment needed to duplicate this process, so I can't confirm if it works as suggested. Naturally, I asked Samsung if it could take a look at the video and either confirm that it was a hoax, or look into the matter and get back to me. A spokesperson replied:

"We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue."

That doesn't exactly suggest that the video is a hoax. It may also suggest that Samsung will be able to make changes to the software that might make this harder to use in future.

So what then? Well, obviously the security of both iris scans and fingerprints can be circumvented. In reality, for most people, it's not an issue. You don't tend to let others near your phone unattended so they would be unlikely to break in. Secondly, you might be suspicious about someone taking a photo with an ageing Sony camera

That said quite a lot of cameras can be modified to have their IR filter removed. This might not be entirely obvious to the person having their photo taken. So if someone has a good IR photo of you and access to your phone then they may well be able to get in. This doesn't mean that your phone is unprotected from the sort of casual unauthorised access we are all most worried about.

If security is important, the best advice is always to stick with a good passcode on your phone and device encryption. For most of us the risks are low enough here to ignore the problem. That might, or might not be wise but biometrics do at least offer some form of security that's low impact and reasonably secure.

 

Text by Forbes
 

Tags Cloud

20102011accaaccidentaccidentsADSUadvertisingafghanistanAfrAsiaafricaagalegaagreementagricultureagroAIairair asiaair australAir Franceair madagascarair mauritiusairasiaAirlinesairportairway coffeeAlbionalgeriaalibabaalteoAlvaro SobrinhoamazonAmeenah Gurib-FakimAMLandroidApollo BramwellappappleappointmentsappsaquaculturearrestasiaATOauditaudit reportaustraliaaustriaaviationawardawardsBABagatelleBagatelle DamBAIBangladeshbankBank OnebankingbanksbarclaysbeachesBeau Bassin-Rose HillbeautybeerBelgiumBelle-MareBelle-RivebetamaxbettingBharat Telecombig databitcoinblue economyBlue-BayBOIboko haramBollywoodBOMbombingbookbookmakerbossBotswanabpmlBPOBramer BankbrazilbrexitBritish AirwaysbudgetbuildingbusesBusinessbusiness trendsCabinetcall centresCanadacanecareercareer tipscargocarnivalcasinoCCIDCCMCCTVCEBcelebretiescementChagoscharityCharlie HebdoCHCchilechinachromeCIELcigarettescinemaclashesCMTcomorosconcertconferenceCongoconstitutional amendmentconstructioncontestcontestscontractcooperationcorruptioncounterfeitcoupCourtCourtsCPBCPEcreativitycreditscrisiscruise shipsCSOCT PowerCultureCurepipecustomercustomerscustomsCVCWAcyclingcyclonedamDawood RawatdayDBMdeficitdenguedeportationdevelopmentDiego GarciadivalidoctorsdodoDomaine les PaillesDonald TrumpDPPdrug traffickingdrugsDTAADubaiDuty Freee-commercee-servicesearthquakeebeneebolaecoecologyeconomiceconomicseconomyEducationeducation abroadeducation reformEEZEgyptEIILMelectionselectoral reformelectricityelon muskembassyEmiratesemirates airlinesEmtelenergyENLentrepreneurshipEOCEUEuroEuropeeventeventsexaminationexamsexpoexportfacebookfairFalcqfarmersfarmingfashionfast foodfbiFDIfeefeesferryfestivalFievre AphteuseFIFAFIFA World CupFilm Rebate SchemefilmingfilmsfinancefinancesfinancingFirefishfishingFIUFlacqFlic-en-FlacFloodsflourfoodFootballforecastforeign workersForumFrancefraudfruitfruitsFSCFTAfuelfunnyGAARgabongadgetsgalaxygalaxy notegamblinggame of thronesgamesgasgazaGDPGermanyghanaGlobal BusinessgolfgoogleGorah Issac casegovernmentGRAGrand Baygrand-baiegreecegreengreen energygrippeGTUH1N1hackershajjhamashappinessHawaiihawkershealthhealthcareHeritage Cityhi-techhighlandshistoryHolcimholidaysHong Konghorse racingHospitalhotelhotel businesshotelshowhow toHRHRDCHSBCHSCHSC ProhtchungaryhuntingIBAIBLICACICTICTAID cardiframacillegal fishingillegal migrationillegal workersIMFimportindiaIndian OceanIndian Ocean Island GamesIndonesiainflationinfluenzaInfographicsinfrastructureinnovationinnovationsinsuranceinterest rateinternetinterpolInterviewinterview tipsinvestinginvestmentinvestmentsIOCIORECiosiPadiphoneIPOiraniraqirelandIRSISISislamicisraelITItalyjapanJellyfishJewelleryJin FeijobjobsjournalismJulian AssangeKailash TrilochunKenyakitesurfingKPMGkreollabourLafargelandlandslidelawlawslayoffsLe MorneleadershipleakLepepliberiaLibyalifeloanloanslocal governmentlogisticslotteryLottotechLRTLufthansaMadagascarmalariamalaysiamalaysia airlinesMaldivesMalimallmanagementmanagement tipsmanufacturingmarketmarketingmarketsMauBankMauritiansmauritiusMBCMCBMCCIMDFPMeatmeccamediaMedical CouncilMedical tourismmedicamentsmedicineMedineMedPointmeetingMEFMegh PillayMESMetro ExpressMEXAMFAMGIMHCmichaela harte caseMicrosoftMIDMidlandsMIEmigrationmigration crisisminimum salaryminimum wagemiss mauritiusmistakesMITDmlMMMmobilemobile phonesMokamoneymoney launderingmonkeyMont-ChoisyMoody’sMoroccomotivationmoviesMozambiqueMPAMPCMPCBMPLMQAMRAMSBMSCMSMMTMTCMTPAMusicMV BenitaNaïadeNamibiaNandanee SoornackNarendra ModinasanatureNavin RamgoolamNavind KistnahNCBNCGNDUNECnefNelson MandelaNeotownNepalnetherlandsnetworkingNew Mauritius Hotelsnew zealandNGONHDCNICNICHLNigerianight clubsNitin Chinien caseNobel Prizenokianorth koreaNRBNTANTCNWCCoceanocean economyofofficialsoffshoreoilOlympic GamesOmega ArkOmnicaneoniononlineopinionOppositionorangeoscaroscar pistoriusOUMoutsourcingPakistanpalestinePamplemoussesPanama Paperspandit sungkurparliamentPaul BérengerpensionpensionspeoplePhilippinesPhoenix Beveragesphonespicture of the daypillspiracyplanPlanet Earth InstitutePMPMOpmsdPNQpokerpolicepoliticspollutionPonzi SchemeportPort LouisPort-LouispostPovertyPRPravind JugnauthPRBpresentationpresentation tipspresidentpricepricesprisonproblemprofitprojectprojectsprostitutionprotestspsacPSCpsychologyPTRpublic servicepwcQatarquatre-bornesquotesrainsRajindraparsad SeechurnRakesh Gooljauryransomwareratesratingratingsreal estaterecallsreformreformsrefugeesreligionrepo ratereportRESrestaurantrestaurantsresultresultsresumeresume tipsretailReunionrevenuericeRiche-TerreriseRiviere-du-RempartRiviere-Noireroadsroche-boisRoches-Noires caseRodriguesRogersRose-HillrosewoodRoshi BhadainRum and SugarRundheersing BheenickrupeeRussiaRwandasafetySAJsalariessalarysalesalessales tipssamsungsanctionssaudi arabiaSBIsbmSCscamscandalSCBGscholarshipscholarshipsSchoolschoolsscienceseasecuritySEMSEMDEXSenegalSeychellesShakeel MohamedShanghaisharksshootingshoppingshopping fiestashopping mallshopping mallsshowShowkutally SoodhunSICsicomSierra LeonesingaporeSITskillssmall businesssmart citysmartphonesSMeSMEDAsmmsnapchatSobrinho casesocialsocial mediasocial networks & messengerssoftwaresolar energySomaliasonysouthsouth africaSouth China Seasouth koreasouth sudanspainsponsorshipsportSportsSquatterssri lankaSSRStar KnitwearstartupsstatisticsstatsSTCstockstock marketstocksstrategystreet vendorsStressstrikestudystudy abroadstylesuccesssuccess storysugarsugar canesummitSun ResortsSun Tan caseSunkai caseSunnystarssurveySwanSwedenSwitzerlandsyriaTAtabletsTaiwanTanzaniataxtax fraudtax heaventaxesTbillsteaTeachersteamTECtechnologytelecomtendersterrorismtertiarytextilethailandthethefttimetime managementtipstotourismtoystradetrade feetradingtrainingstransporttraveltrendsTrioletTripAdvisorTrou-aux-BichestsunamitunaTunisiaTurfTurkeyturkish airlinesTVtwittertyphoonUdMUgandaukukraineununemploymentunionsuniverseuniversityuomUSUTMvacanciesVacoasVacoas Popular Multipurpose Cooperative SocietyVacoas-PhoenixVanilla Islandsvarma caseVATVeekram BhunjunvegetablesVerizonvideoVideo of the Dayvirtual realityvisaVishnu Lutchmeenaraidoovisitvivo energyvolcanowasteWaterWaterparkWeatherwest africawhatsappWhitedot Casewi-fiwikileakswindowsWMAwomenworkworkersWorkshopWorldWorld Bankwriting tipsWTOXavier-Luc DuvalyahooyemenYEPyoutubeZambiazimbabwe
Mauritius
© 2010-2017 mega.mu