Samsung "Galaxy S8" It is extremely easy to break through the iris authentication

Samsung's new flagship terminal "Galaxy S8 / S8 +"Was officially announced in March 2017, au from June 8, 2017ReleaseIt is also decided to be done. In addition to the conventional fingerprint authentication function, this terminal recognizes the iris pattern of the eye and identifies the user "Iris authenticationAlthough it carries the function, it is talked about that this is surprisingly easy to break through.

CCC | Chaos Computer Clubs breaks iris recognition system of the Samsung Galaxy S8
https://www.ccc.de/en/updates/2017/iriden

Breaking the iris scanner locking Samsung's Galaxy S8 is laughably easy | Ars Technica
https://arstechnica.com/security/2017/05/breaking-the-iris-scanner-locking-samsungs-galaxy-s8-is-laughably-easy/

Samsung claims that Galaxy S8's iris certification is "one of the safest ways to keep your smartphone locked", but hackers are easily breaking through this iris certification. The actual tool used to break through the iris authentication is the digital camera · printer · contact lenses, the cost of preparing these are Galaxy S8 main unit price of 725 dollars (approx. 81 thousand It seems to be cheaper than yen). Although it seems that the printer tried things of various makers, Ironically, the one made by Samsung gave the best results. To hack, first shoot the face of the owner of Galaxy S8 with a digital camera and print this on paper. It seems that you can break through the authentication just by placing the contact lens on the iris portion of the printed photo and holding it over the locked terminal.

A movie that actually practices a series of work to break through the iris certification of Galaxy S8 has also been released.

media.ccc.de - Hacking the Samsung Galaxy S8 Irisscanner


First of all we will prepare a digital camera.


Using the infrared night-mode camera, turn this night mode on ... ....


I shot the owner of Galaxy S8 from about medium distance.


And print photos.


Next, set up with Galaxy S8 to use the iris authentication function ... ...


Register iris information.


After confirming whether the terminal can actually be unlocked by iris authentication ......


Using tweezers, place the contact lens on the iris portion of the printed photo.


Display the iris recognition screen with Galaxy S8 ... ...


When you hold the paper on which the contact lens sticks ... ...


It was too easy to break through the certification.


Hacker Starbug who broke through iris authentication gave Ars Technica of foreign news media "Since Galaxy S8 was one of the major smartphones that provided a means of iris authentication instead of password for the first time, I decided to use it for it. " In addition, it says to investigate whether it can break through the same way if a terminal equipped with the iris authentication function appears in the future.

Samsung who developed Galaxy S8's iris authentication technologyPrinceton IdentityClaims that it provides highly confidential security that the user "can reliably believe that the smartphone is protected in the end", but it is possible to break through the authentication in a manner other than the correct usage method It became clear that it is. However, these things are not limited to iris authentication, it is often the case with fingerprints and other biometrics, and smartphone fingerprint authenticationCan be broken by fingerprint printed with ink jet printerThe research results that have been announced, too.

Starbug said, "Iris authentication is the next generation of important technology for mobile devices, especially for compact, low machine power such as smart phones, prevention of hacking is very difficult, hiding the iris rather than hiding the fingerprints for humans Because it is difficult, it will make it more difficult in terms of security. "

In addition, Ars TechnicaU2FWhile biocompatibility may be optimal to use in combination, etc., fingerprint authentication is said to be "too insufficient", especially when used alone. Actually, smartphone fingerprint authentication is "It is the largest vulnerability of smartphones"There is also an indication that there is also so, it is too dangerous to rely too much on biometrics, not just Galaxy S8.