Clueless Samsung Responds to Iris Hacking Demo by CCC

Following revelation of a method for hacking the iris scanner of the Galaxy S8 and Galaxy S8 Plus by a collective hackers team called the Chaos Computer Club (CCC), Samsung Electronics said its iris recognition technology has been tested several times before the release and assured more checks on its viable application for authentication.

In a statement released to media on Tuesday, the South Korean smartphones maker asserted that the authentication of its iris scanning solution provided with the latest Galaxy S8 lineup has been tested rigorously and is capable of reliably identifying users.

Samsung said the solution was designed to avoid being tricked using a picture of one’s iris but it is still clueless about how CCC achieved the same using images of an iris to hack the smartphone. Samsung vowed to fully probe the issue and analyze if any other possible vulnerability of its authentication technology was weak enough to be hacked.

The question is, whether Samsung would opt for a software update to fix the problem or requires all the smartphones to be shipped back for a mechanical update, recalling five million units sold in less than a month of its release. It may, however, opt for improvements in its next lineup using an improved iris detection authentication, perhaps integrating it with the upcoming Galaxy Note 8 that’s for release after July.

What CCC showed was that the mechanism was too weak to be an authentication process. They showed how a photo of an unsuspecting subject from a medium distance was enough to trick the iris scanner of the Galaxy S8, which is a palpable security vulnerability that requires attention and an alternative solution.

Developed by Princeton Identity, Inc., the latest revolutionary method of biometric authentication was able to detect the involuted structures of the iris, requiring an accurate capture through video camera technology.

CCC spokesperson Dirk Engling said using the iris scanner feature to use as identification may not be the safest way as compared to the standard inputting of PIN. The video shared by CCC used a dummy-eye to replace the true owner of the eye.

They took a picture of the owner’s iris using a digital camera and in order to capture the details of the iris, the infrared light spectrum was used. Once this filter is removed, they were able to hack the owner’s iris, even in a distance of five meters using a 200mm lens, besides all aspects of brightness, contrast and picture quality. If the picture was clear, then the security of the owner’s identity is easily compromised.

CCC had earlier claimed to have unlocked the fingerprint recognition technology of the iPhone’s Touch ID. As Samsung is planning its “Samsung Pay”, using the iris recognition, may endanger the confidentiality of its users and may result to easy phishing of data, warned CCC.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.