It appears you have not yet registered with our community. To register please click here...

Go Back [M] > Madshrimps > WebNews
Fooling Samsung Galaxy S8 Iris Recognition Fooling Samsung Galaxy S8 Iris Recognition
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Fooling Samsung Galaxy S8 Iris Recognition
Thread Tools
Old 26th May 2017, 06:13   #1
[M] Reviewer
Stefan Mileschin's Avatar
Join Date: May 2010
Location: Romania
Posts: 144,181
Stefan Mileschin Freshly Registered
Default Fooling Samsung Galaxy S8 Iris Recognition

We have a love-hate relationship with biometric ID. After all, it looks so cool when the hero in a sci-fi movie enters the restricted-access area after having his hand and iris scanned. But that’s about the best you can say about biometric security. It’s conceptually flawed in a bunch of ways, and nearly every implementation we’ve seen gets broken sooner or later.

Case in point: prolific anti-biometry hacker [starbug] and a group of friends at the Berlin CCC are able to authenticate to the “Samsung Pay” payment system through the iris scanner. The video, embedded below, shows you how: take a picture of the target’s eye, print it out, and hold it up to the phone. That was hard!

Sarcasm aside, the iris sensor uses IR to recognize patterns in your eye, so [starbug] and Co. had to use a camera with night vision mode. A contact lens placed over the photo completes the illusion — we’re guessing it gets the reflections from room lighting right. No etching fingerprint patterns into copper, no conductive gel — just a printout and a contact lens.

We’ve ranted about the insecurity of fingerprints before; they’re not a good secret, they’re irrevocable, and they’re hard to store securely. And on top of these conceptual problems, they’re quite spoofable, as [starbug] and many others have shown, going way back.

So why do we still use them? Fingerprint readers and iris scanners are “good enough” security and they’re fun to hack around with. Should you add one to your project for grins? Absolutely. Should you require your citizenry to use them for authentication, or use them for real security? We wouldn’t.
Stefan Mileschin is offline   Reply With Quote

Similar Threads
Thread Thread Starter Forum Replies Last Post
The Galaxy S8 iris scanner can be hacked with aging tech Stefan Mileschin WebNews 0 24th May 2017 06:00
Galaxy S8 eye iris unlocking in near dark Stefan Mileschin WebNews 0 30th April 2017 12:13
Samsung Galaxy S8 rumored to feature optical fingerprint recognition Stefan Mileschin WebNews 0 28th October 2016 06:38
Samsung Galaxy Note 7 specs revealed, iris scanner ‘confirmed’ Stefan Mileschin WebNews 0 28th June 2016 05:41
Samsung Galaxy Note 7 Iris scanner will be supplied by Patron, says new report Stefan Mileschin WebNews 0 20th June 2016 05:54
Samsung Galaxy Note 6 could feature iris scanner, IP68 certification Stefan Mileschin WebNews 0 10th April 2016 13:55
Samsung Galaxy S7 could offer an iris scanner, claims new rumor Stefan Mileschin WebNews 0 29th December 2015 06:55
Iris recognition for Samsung or LG flagship phones? Maybe in 2016 Stefan Mileschin WebNews 0 19th June 2015 06:21
Windows 10 log-in options will include fingerprint, facial and iris recognition Stefan Mileschin WebNews 0 18th March 2015 10:39
Analyst predicts two Samsung Galaxy S5 plastic versions with fingerprint recognition Stefan Mileschin WebNews 0 28th January 2014 07:15

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT +1. The time now is 19:32.

Powered by vBulletin® - Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO