Iris scanning is the future — so let's make sure our info is secure.
The Samsung's flagship Galaxy S8 comes equipped with biometric technology that scans a user's iris to identify the device's authentic owner. The human iris is unique, so the iris scanner is intended to offer heightened security in comparison to a passcode, pattern or even a fingerprint. Samsung calls it "airtight security."
But now, a German group of white-hat hackers are saying hacking an iris scanner is easier than it seems.
The Chaos Computer Club claims to have figured out a simply way to dupe the iris-scanning technology in the Samsung handset. "Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it," says the CCC in a post. "But whoever has a photo of the legitimate owner can trivially unlock the phone."
The CCC released a video showing the simple hack: They used the night mode on a Sony digital camera, took an infrared picture of someone's eyes from a distance, cropped it, printed it at life-size and placed a contact lens on the printed iris to add curvature. This was accepted by the S8 as a form of authentication.
The CCC is known for spotlighting vulnerabilities in biometric authentication systems. In the past, it has revealed how a photograph of a fingerprint can make a fake finger that can get access into an iPhone. Researchers at New York University and Michigan State University found that while identical fingerprints are rare, biometric systems can be fooled by similar prints.
As the iris scanning market grows — the $676.6 million market in 2016 is expected to reach $4.1 billion by 2025 — the conversation about the technology's security is inevitable. According to CCC spokesperson Dirk Engling, the security threat associated with iris scanners is greater than that of fingerprint scanners. "The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot," Engling said in a statement. "Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris."
The iris scanning technology's hackability opens doors to a breach of privacy. It could be a government agency like the FBI — last year, the FBI admitted to storing iris scans from 434,000 arrestees — or a nefarious mastermind.