A group of hackers was able to defeat the iris scanner in the Samsung Galaxy S8 smartphone using relatively common supplies, creating concerns that biometric logins may not be as foolproof a security measure as once believed.
The German hacking collective Chaos Computer Club revealed Monday it was able to gain access to a user’s Galaxy S8 with a MacGyver-like solution that involved using a point-and-shoot camera, laser printer and contact lens.
Chaos Computer Club completed the hack by taking a photo of a target from about 15 feet. The group took that photo, zoomed in on the target’s eye and printed the image with a laser printer made, fittingly, by Samsung.
Finally, the group took the printout of the eye and placed it atop the surface of the contact lens to replicate the curvature of an actual eyeball. When the makeshift eye was held up to the Samsung smartphone, the device unlocked as if the owner was looking into the iris scanner.
“The by far most expensive part of the iris biometry hack was the purchase of the Galaxy S8 smartphone,” the group said in a blog post.
"The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot," said Dirk Engling, the spokesman for Chaos Computer Club. "Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris."
Hacking the Galaxy S8’s iris scanner is not the group’s first foray into breaking biometric systems. Chaos Computer Club also defeated the fingerprint scanner in the iPhone 5S by using photos of fingerprints photographed from glass surfaces.
In both cases, the hacks are relatively novel and would require a targeted effort to pull off, but present challenges to the belief that biometric security measures offer a safer alternative to passwords.
Biometrics have started to take hold as a password alternative, be it the fingerprint scanner found in iPhones and other smartphones or the iris scanner found in the Galaxy S8 and a number of other upcoming handsets — including rumors the iPhone 8 may include such a sensor. Other options, like selfies and face scans, also have been implemented by companies like Mastercard and Alibaba.
Biometrics are moving beyond mobile, as well. Apple has added its Touch ID fingerprint sensor to the latest series of MacBooks, and companies like Samsung and LG have started experimenting with retinal scanners and facial recognition tools that would allow a user to log in just by looking at a device's camera. Even government agencies have started adding face scans as security checks.
As these methods of login continue to come to market, it’s important for companies to ensure they are taking precautions to make sure they cannot be cracked. Samsung, in particular, has already had problems with this: In 2015, it was discovered the company was storing fingerprint data in a way that made it easy for a hacker or malicious software to gain access to it.
Without taking proper precautions to protect user biometric data, fingerprints and eyes are no more secure than a password, even if they require more effort to hack.
- Election 2020: It is absolutely preposterous to think NDC didn’t collate its results – Afriyie Ankrah
- Headmaster found hanging dead from a tree behind his house in Techiman
- ‘I find myself in a very enviable position’ – Hassan Tampuli on ministerial appointment
- 5 Ghanaians arrested in Dubai for smuggling weed; one jailed for 10 years
- Power providers can’t guarantee consistency with ‘dumsor’ timetable – Energy Analyst
- Rastafarian case: Achimota School fails to respond to suit, case adjourned to April 30
- Kumasi traders call on ECG to extend ‘dumsor’ timetable to Ashanti region
- Hyundai, KIA to establish assembly plants in Ghana in 2022
- There’s no scientific evidence that Free SHS led to success in WASSCE – Peter Anti
- Ghana School of Law to celebrate legacy of Okyeame Baffour Osei Akoto
2 sales personnel convicted for stealing
Armed illegal chainsaw operators frustrating forestry officers in Dormaa West District
Protect Ghana’s Covid-19 strides – GHS advises increased adherence to protocols
Court jails labourer 15 years for defilement
Eli Hini appointed as first CEO of MobileMoney Limited
Government procures 4 more pre-assembled P3 labs for Covid-19 testing – Dr Kuma-Aboagye
2020 Volta Regional Best Cocoa Farmer awardees finally receive prizes after Joy News report
Obour reacts to Mark Okraku Mantey’s deputy ministerial appointment
Senior U.S. commerce official discusses trade partnership with Ghanaian businesses
Some 33 immigrants from West Africa deported for using unapproved routes
Dam serving about 3900 residents of Yoggu dries up
Consultants who overprice road projects will be prosecuted – Roads Minister
Sekondi-Takoradi to have a dual carriage road
Fate of AirtelTigo must not be like most government parastatals – Sam George
African countries at risk of major measles outbreak over delayed vaccination exercise, WHO says