Hackers Unlock Samsung Galaxy S8 With Fake Iris (vice.com) 25
From a Motherboard report: Despite Samsung stating that a user's irises are pretty much impossible to copy, a team of hackers has done just that. Using a bare-bones selection of equipment, researchers from the Chaos Computer Club (CCC) show in a video how they managed to bypass the scanner's protections and unlock the device. "We've had iris scanners that could be bypassed using a simple print-out," Linus Neumann, one of the hackers who appears in the video. The process itself was apparently pretty simple. The hackers took a medium range photo of their subject with a digital camera's night mode, and printed the infrared image. Then, presumably to give the image some depth, the hackers placed a contact lens on top of the printed picture.And, that's it. They're in.
That's nothing. (Score:2)
I unlocked it by playing a Goo Goo Dolls track [youtube.com].
Who would point a Samsung laser at their eye? (Score:1)
Re: (Score:2)
That should work fine. Twice.
Single biological authentication doesn't work (Score:3)
Re: (Score:2)
That's the general problem with biometric identification. Once you can overcome the limits of the scan mechanism, and impersonate someone else, there is nothing the impersonated one can do to close the door again, until new scan mechanisms are in place which have to be fooled in a new manner.
Re: (Score:2)
The general problem is still unsolved. If your iris and your fingerprint id are broken, how do you replace them with new ones?
This statement indicates that you erroneously believe that biometric authentication security (such as it is) is based on secrecy of the biometric patterns. This is not the case, and cannot be the case. Since the security (such as it is) does not derive from secrecy, rotation is useless and irrelevant. Your biometrics are public information; fingerprints are left everywhere and your iris structure can be extracted from any decent photograph. Given that, supposing you could rotate your biometrics, the new val
Re: (Score:1)
Biometrics are really analogous to user names, not passwords. I really have no idea why they keep insisting that they are the next thing in security.
Re: (Score:2)
That the difference between identification and authentication.
You can ID people with iris,fingerprint,DNA.
You cannot authenticate their intent that way. That's why we have PIN numbers and passwords.
I am so happy! (Score:2)
I'm glad to hear you can do it with a camera instead.
I'd rather keep my eyeballs (Score:2)
No big surprise there (Score:2)
It's not like these companies are entrusted with anything special. Millions of people don't use their smart phones for anything more than calling and texting family or friends. And there's absolutely nothing which can be done with that information. So who cares about privacy? This is just enough for you to feel like there's security in place. Just like with the fingerprint scanner. There's no way those could have flaws which allow someone to bypass it with one of twenty possible fake fingerprints.
Retina scans not unique? Or just bad? (Score:2)
In my LinkedIn feed, someone posted the results of an attempt to use the retina scanner at an airport in order to go through the faster "Clear" security line.
The scanner identified the person's retina as belonging to a completely different person.
And we rely on these systems?
But wait... (Score:2)
Re: (Score:1)
Something you know
Something you are
Your iris is only one of them, therefore the system isn't too secure.
nothing is impossible to copy (Score:2)
