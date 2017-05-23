

 



Hackers Unlock Samsung Galaxy S8 With Fake Iris (vice.com)

Posted by msmash from the there-you-go dept.
From a Motherboard report: Despite Samsung stating that a user's irises are pretty much impossible to copy, a team of hackers has done just that. Using a bare-bones selection of equipment, researchers from the Chaos Computer Club (CCC) show in a video how they managed to bypass the scanner's protections and unlock the device. "We've had iris scanners that could be bypassed using a simple print-out," said Linus Neumann, one of the hackers who appears in the video. The process itself was apparently pretty simple. The hackers took a medium range photo of their subject with a digital camera's night mode, and printed the infrared image. Then, presumably to give the image some depth, the hackers placed a contact lens on top of the printed picture. And, that's it. They're in.

  • I unlocked it by playing a Goo Goo Dolls track [youtube.com].

  • Let's see.. their last phone literally exploded, but this one is safe enough to point a laser at your eye?
  • If a device only checks for one thing, in this case, iris pattern, the device cannot know if it is a real eye for sure. Validating the iris and fingerprint, or iris and voice recognition, or iris and DNA would already be more secure, but as I come up with these ideas, I always find a way these things can be fooled together. It just makes it more complicated to fool 2 sensors at a time, but absolutely not out of reach of 3-letter agencies. I think iris scan combined with voice and a plain old password would already be some sort of security.

      by Sique ( 173459 )
      The general problem is still unsolved. If your iris and your fingerprint id are broken, how do you replace them with new ones?

      That's the general problem with biometric identification. Once you can overcome the limits of the scan mechanism, and impersonate someone else, there is nothing the impersonated one can do to close the door again, until new scan mechanisms are in place which have to be fooled in a new manner.

      • The general problem is still unsolved. If your iris and your fingerprint id are broken, how do you replace them with new ones?

        This statement indicates that you erroneously believe that biometric authentication security (such as it is) is based on secrecy of the biometric patterns. This is not the case, and cannot be the case. Since the security (such as it is) does not derive from secrecy, rotation is useless and irrelevant. Your biometrics are public information; fingerprints are left everywhere and your iris structure can be extracted from any decent photograph. Given that, supposing you could rotate your biometrics, the new val

      Biometrics are really analogous to user names, not passwords. I really have no idea why they keep insisting that they are the next thing in security.

    • That's the difference between identification and authentication.

      You can ID people with iris, fingerprint, DNA.
      You cannot authenticate their intent that way. That's why we have PIN numbers and passwords.

  • I am so happy! According to Hollywood, hacking into an iris-scan protected phone means ripping out somebody's eyeball. https://www.youtube.com/watch?... [youtube.com]

    I'm glad to hear you can do it with a camera instead.

  • Iris (or retina) scanning is scary, because it encourages thieves to steal your eyeballs. http://www.flickeringmyth.com/... [flickeringmyth.com]

  • It's not like these companies are entrusted with anything special. Millions of people don't use their smart phones for anything more than calling and texting family or friends. And there's absolutely nothing which can be done with that information. So who cares about privacy? This is just enough for you to feel like there's security in place. Just like with the fingerprint scanner. There's no way those could have flaws which allow someone to bypass it with one of twenty possible fake fingerprints.

    That'd be

  • In my LinkedIn feed, someone posted the results of an attempt to use the retina scanner at an airport in order to go through the faster "Clear" security line.

    The scanner identified the person's retina as belonging to a completely different person.

    And we rely on these systems?

  • ...wait, I was told AI was right around the corner. Are you telling me we can't even make simple software work?
  • There are many sci-fi works of fiction that came up with plausible ways to circumvent eye scanner passwords, this is hardly a shock. Everyone said fingerprints would enhance security. Well, we could get past that with talcum and scotch tape. Voice print->voice recorders. Eyes->high scale image scanners/cameras. What's next? Brain scanners? I'm happy with rotating passwords of 16+ chars, thanks.
