WHY THIS MATTERS IN BRIEF
- Biometric security systems are awesome, until they’re hacked, and increasingly companies and individuals are finding that their latest and greatest biometric security systems are easier to hack than the password systems they replaced
Criminals know you love taking selfies, and they love your selfies too – especially the ones where you’re holding your fingers up in a victory sign. They also love the fact that your photos are good enough quality for them to print out a high definition print of your eyes and fingerprints. And they especially love the fact that these alone are good enough to help them unlock all of your biometric protected stuff and gadgets.
I love your new galaxy smartphone by the way – great cat wallpaper.
In yet another stab in the back for biometric security hackers have published details of a method to break the iris based authentication in Samsung’s shiny new Galaxy S8 that involves the use of a number of basic, everyday items.
Published by German whitehat hacking group Chaos Computer Club (CCC), the hack involves the use of a digital camera, a laser printer, with Samsung models, ironically, working best, and a simple everyday contact lens.
To bypass the Iris scanning feature, they use a digital camera to take a picture of a phone owner’s face and print it out on the laser printer. The contact lens is then placed on top of the face to mimic an actual iris, held in front of the phone and bingo – the Galaxy S8 unlocks.
Whoohoo! By the way – I deleted all your cat videos. Sorry it was a mistake – honest!
While the hack is fairly simple, there are some provisos in its implementation, including, obviously, making sure the quality of the photo is good enough to capture the details of the iris.
When it was first introduced Samsung’s iris scanning feature, which is powered by a biometric scanner manufactured by Princeton Identity, promised to be an easier way for users to unlock their phones, and when the Galaxy S8 launched, Samsung said it offered “one of the safest ways to keep your phone locked.”
“Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it. But whoever has a photo of the legitimate owner can easily unlock the phone,” said CCC spokesman Dirk, “if you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN protection is a safer approach than using body features for authentication.”
While the Galaxy S8 does offer fingerprint scanning as an alternative to iris scanning, and no one yet has published a way to hack it, fingerprint scanners themselves have already been shown to be vulnerable to duping which is why companies are now busy creating ultrasound based fingerprint scanners that move away from today’s more basic electro-sensitive scanners.
That said though, with new hacks and technologies such as Adobe Voco and LyreBird, which can copy and reproduce your voice print with just a minutes worth of audio, for example, off of YouTube, and new fingerprint and ‘Photo morph’ hacks that fool facial recognition systems I think some of today’s biometric security companies need to go back to the corner of the room and get back to the drawing board.
Matthew Griffin Global Futurist, Tech Evangelist, X Prize Mentor ● Int'l Keynote Speaker ● Disruption, Futures and Innovation expert
Matthew Griffin, Futurist and Founder of the 311 Institute, a global futures think tank, is described as “The Adviser behind the Advisers.” Recognised in 2013, 2015 and 2016 as one of Europe’s foremost futurists, innovation and strategy experts Matthew mentors several XPrize teams, and is an award winning author, entrepreneur and international speaker who is regularly featured on the BBC, Discovery, Kurzweil, Newsweek, TechCrunch and VentureBeat. Working hand in hand with accelerators, investors, governments, multi-nationals and regulators around the world Matthew shines a light on the future and helps them transform their industries, organisations, products and services by demonstrating how the combination of democratised, and increasingly powerful emerging technologies, are helping fuel cultural, industrial and societal change that is transforming old industries and creating new ones. Matthew’s clients include Accenture, Bain & Co, Bank of America, Booz Allen Hamilton, Boston Consulting Group, Dell EMC, Deloitte, Deutsche Bank, E&Y, Fidelity, Goldman Sachs, Huawei, JP Morgan Chase, KPMG, McKinsey & Co, PWC, Qualcomm, SAP, Schroeder’s, Sequoia Capital, UBS, the UK’s HM Treasury, the USAF and many others.