Wednesday, 23 August, 2017

Yes, Samsung Galaxy S8's iris scanner can be hacked - here's how

Samsung sells over 10 million Galaxy S8 'Ultrasecure' Samsung Galaxy S8 iris scanner can be easily tricked, say hackers
Earnest Maxwell | 28 May, 2017, 02:35

The iris recognition feature on the Samsung Galaxy S8 can be easily bypassed using "basic tools", security researchers in Germany have discovered.

That's exactly why the CCC didn't use an ordinary photo to trick the S8's iris scanner.

As CCC spokesperson Dirk Engling says in the group's announcement, the integration between authentication and Samsung Pay means someone who can trick your phone can also spend your money.

Mark Clifton, CEO of the company behind the iris scanner found on Samsung's flagships, once explained how his company's technology can register up to 200 identifying features from a single iris or up to 400 with two irises, compared to 130 identifiers on the FBI's fingerprint technology. The exploit used for the hacking the Iris scanner is not really possible without equipment that includes: a camera that can capture infrared light, a laser printer, and a contact lens. Shockingly, the group even suggested that the dummy eye image could be taken from social media.

The image of the iris was then printed on a laser printer (ironically, a Samsung one) and a contact lens was placed on top to give it depth. That same device - the Note 7, is in the process of being re-released as a Samsung Galaxy Note 7 FE, AKA "Fandom Edition".

Samsung's Galaxy S8 has already been declared the most breakable smartphone ever, and now its biometric security seems pretty weak at best-so it's hackable and crackable.

The Galaxy S8 is the first smartphone with iris recognition technology and the biometric solution is made by Princeton Identity.

The most significant advantage to using an iris scanner compared to face recognition is that ordinary photos normally can't fool it.

The iris scanner wasn't the only biometric security measure the CCC team was able to bypass. The hackers used a photo shot in night mode and from a medium distance, about the same range that would pop up in a Facebook profile picture or a selfie.

In the video you can see that to break them had the normal camera, the printer, and contact lenses. Attackers cannot only get access to the phone's data, but also to the mobile wallet.

Traditional PIN protection was "a safer approach than using body features for authentication", Engling said.

Samsung introduced iris scanning into the S8 as an alternate way of unlocking the device and authorizing payments.

Samsung claimed that the iris scanning technology of the Galaxy S8 had been through rigorous testing to prevent attempts to compromise its security.

Recommended

Palestinian Prisoners in Israel End Hunger Strikes After Main Demands Met Palestinian Prisoners in Israel End Hunger Strikes After Main Demands Met The strike was led by Marwan Barghouti, a Palestinian leader in jail for life after being convicted of murder. The issue is a source of tensions between the sides.

Unruly, 'Disheveled' Man Subdued on Jet Heading to Hawaii Department of Homeland Security Secretary John Kelly was briefed on the disturbance, according to a statement from the department. After the disturbance, Uskanil was escorted back to his seat, where he was restrained with duct tape , according to witnesses.

British Airways cancels flights amid global computer outage British Airways cancels flights amid global computer outage Last September , British Airways' check-in system down because of a computer netrwork failure, causing worldwide service delays. She said passengers had been told they could not transfer to other flights because "they can't bring up our details".

JP: Sunshine today with late weekend storms JP: Sunshine today with late weekend storms This will be due to a cool front that will bring gusty winds and cooler temps. we drop into the upper 60s for highs. It will be breezy with winds gusting up to 23 miles per hour , meteorologists in Boulder predict.