Samsung has been touting the iris scanner as the most secure biometric security they can offer. The company even lets you use it to authorize Samsung Pay transactions.
But one security group known as the Chaos Computer Club — CCC for short — set out to prove that, like fingerprint sensors, it could be tricked. The group was able to use a fairly high-resolution image of an eye and surrounded it with a silicon bubble to simulate the curvature to dupe the phone into thinking it was a real eye.
The result? Access to the phone without the actual original eye. The CCC says even a typical image from, say, your Facebook profile could provide the iris sensor with all the information it needs if the resolution is high enough.
They even prove it with a video demonstration showing a typical camera taking a photo of a person at medium distance. That photo was then printed out on a Samsung laser printer (somehow perfect, right?) and doctored up for the scanner to accept.
This just underlines a concern we’ve already lived through with the fingerprint sensor and facial recognition. Manufacturers will try and push biometric security as the more secure option, but really it’s only more convenient. More often than not, a traditional password or PIN is still more secure because it’s not as easy to pry into someone’s brain as it is to grab a selfie from Facebook.
But really, the question here is whether you care enough to ditch that convenience. Personally speaking, I’m not holding state or company secrets on my phone. Were I to lose it, nothing on it really stresses me out if it got in another’s hands. Plus, I can force the need for a password by using the Android Device Manager to activate a screen lock if I need to. I’d just have to hope the perp doesn’t gain the means to replicate my fingerprint or iris fast enough.
All of that — coupled with the fact that my phone rarely leaves my sight — leads me to accept the convenience and speed of biometrics regardless of its inherent downsides. Decide for yourself and set your phone up appropriately, folks!
[via CCC]