The latest victim of hackers’ prowess in breaking authentication systems is the immensely popular Samsung Galaxy S8. Ethical hackers/researchers based at the Chaos Computer Club (CCC) in Germany have managed to fool the S8’s iris scanner, which calls into question Samsung’s claim that the mechanism offers ‘airtight security.’
All the club needed was a digital camera, a laser printer, a contact lens and, of course, a Samsung Galaxy S8. Once a subject has set up iris authentication, a picture of his/her face is taken and printed on paper. By the way, the hackers found that Samsung printers gave the best results. A contact lens is laid over the printed image, which is then positioned in front of the locked S8. The image should be held as naturally as a user would hold the phone to unlock it, and not too close to the phone. Better results are also obtained when the photo is shot in night mode or without an infrared filter.
Defeating enhanced security implementations, especially those found in top-of-the-range handsets, is disturbing because people keep a great deal of private information and data on their phones. At the same time, it makes people question biometric authentication systems, as they do not deliver on their security promises. Both Apple’s Touch ID and other fingerprint recognition systems have been defeated before by white-hat hackers.
The Samsung Galaxy S8 is the first commercially available phone that supports iris scanning technology (assuming the Galaxy Note 7 does not count because, well, smoke), which is why the hackers at CCC targeted it: they believe iris scanning will be picked up by other smartphone OEMs. By the same token, CCC believes that future iterations will be subject to the same exploits, since the technology has to fit into the limited space of a slim phone and work with limited computing power. These are some of the reasons why iris scanning is susceptible to hacks.
So, what authentication measures do you use on your phone? And do you apply them primarily to safeguard your data, or to make it difficult for thieves who pawn and resell phones?
You can watch the video of the hack here.