A group of hackers was able to defeat the iris scanner in the Samsung Galaxy S8 smartphone using relatively common supplies, creating concerns that biometric logins may not be as foolproof a security measure as once believed.
The German hacking collective Chaos Computer Club revealed Monday it was able to gain access to a user’s Galaxy S8 with a MacGyver-like solution that involved using a point-and-shoot camera, laser printer and contact lens.
Chaos Computer Club completed the hack by taking a photo of a target from about 15 feet. The group took that photo, zoomed in on the target’s eye and printed the image with a laser printer made, fittingly, by Samsung.
Finally, the group took the printout of the eye and placed it atop the surface of the contact lens to replicate the curvature of an actual eyeball. When the makeshift eye was held up to the Samsung smartphone, the device unlocked as if the owner was looking into the iris scanner.
“The by far most expensive part of the iris biometry hack was the purchase of the Galaxy S8 smartphone,” the group said in a blog post.
"The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot," said Dirk Engling, the spokesman for Chaos Computer Club. "Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris."
Hacking the Galaxy S8’s iris scanner is not the group’s first foray into breaking biometric systems. Chaos Computer Club also defeated the fingerprint scanner in the iPhone 5S by using photos of fingerprints photographed from glass surfaces.
In both cases, the hacks are relatively novel and would require a targeted effort to pull off, but present challenges to the belief that biometric security measures offer a safer alternative to passwords.
Biometrics have started to take hold as a password alternative, be it the fingerprint scanner found in iPhones and other smartphones or the iris scanner found in the Galaxy S8 and a number of other upcoming handsets — including rumors the iPhone 8 may include such a sensor. Other options, like selfies and face scans, also have been implemented by companies like Mastercard and Alibaba.
Biometrics are moving beyond mobile, as well. Apple has added its Touch ID fingerprint sensor to the latest series of MacBooks, and companies like Samsung and LG have started experimenting with retinal scanners and facial recognition tools that would allow a user to log in just by looking at a device's camera. Even government agencies have started adding face scans as security checks.
As these methods of login continue to come to market, it’s important for companies to ensure they are taking precautions to make sure they cannot be cracked. Samsung, in particular, has already had problems with this: In 2015, it was discovered the company was storing fingerprint data in a way that made it easy for a hacker or malicious software to gain access to it.
Without taking proper precautions to protect user biometric data, fingerprints and eyes are no more secure than a password, even if they require more effort to hack.
Latest Stories
-
Maritime Security Threats: Global collaboration, commitment needed to overcome risks – Akufo-Addo
21 mins -
AWUSCO develops 6-year Scientific Strategic Plan towards digital transformation
30 mins -
May Day: I’m prepared to work with you again to meet Ghana’s needs – Mahama assures workers
33 mins -
Build digital skills to enhance employability – KNUST Vice-Chancellor urges students
44 mins -
5 simple steps to take when you’re completely emotionally exhausted so you can get your fire back
1 hour -
Fatawu Issahaku wins Leicester City Young Player of the Year award
1 hour -
Chieftaincy Ministry: Yagbonwura was never asked to stand and greet Akufo-Addo; ignore deliberate misreporting
1 hour -
Chief of Staff hands over new headquarters to Real Estate Agency Council
2 hours -
Should I get back with my ex after he cheated? 5 questions to ask yourself before getting back together
2 hours -
Bright Simons: How SML confused Ghanaian professors
2 hours -
Air Quality: World Bank unveils $1bn guarantee to bolster clean air projects globally
2 hours -
Chop bar owner fingered in 3 murder cases denies involvement
2 hours -
Esinam Osei: Postpartum depression and me
2 hours -
Clean Air Fund and People’s Dialogue install new sensors in slum communities to fight lethal emissions
2 hours -
Dennis Agyei Boateng: The vital role of development communication experts in Ghana’s policy implementation
2 hours