Subscribe to our newsletters
Sign Up

The Hacker News — Cyber Security, Hacking, Technology News

Thursday, March 30, 2017 Swati Khandelwal

samsung-galaxy-s8-facial-unlocking
Samsung launched its new flagship smartphones, the Galaxy S8 and Galaxy S8 Plus, at its Unpacked 2017 event on Wednesday in New York, with both IRIS and Facial Recognition features, making it easier for users to unlock their smartphone and signing into websites.

All users need to do is simply hold their Galaxy S8 or S8 Plus in front of their eyes or their entire face, as if they were taking a selfie, in order to unlock their phone.

Biometric technology – that involve person's unique identification (ID), such as Retinal, IRIS, Fingerprint or DNA – is now being integrated into more consumer devices for improved security.

But, we have seen a number of hacks involving Biometric security systems in the past, which prove that fingerprint scanner and IRIS scanner are less secure than a passcode and can be fooled by anyone, perhaps, using a photograph of the user.

But how secure is the built-in sensor from Samsung to allow for facial recognition? Not so much...at least for now.

I was wondering if the new facial recognition integrated into Samsung's Galaxy S8 and S8 Plus can be fooled into unlocking a device using a photograph of the device owner, and somebody just made it possible.

Video Demonstration

YouTube vlogger iDeviceHelp posted a video on his channel, in which Marcianotech demonstrated that unlocking a Galaxy S8 or Galaxy S8 Plus is as simple as getting the device owner's picture from Facebook and waving that photo at the phone.

It is unclear, at this moment, as to how precise the photo used in the demonstration should be compared to the real face? Or at what distance the phone was held from the camera? Or what angle they chose during the registration of the recognition?

But what's clear is the fact that a gap remains in the security system of the Samsung's new facial recognition feature.

Moreover, there are reports that Samsung’s Galaxy S8 would include a facial recognition feature for mobile payments in the coming months.

The company has yet to comment on this issue, so we hope that this is because the software is still in a demo state for now, or maybe it is just a bug that Samsung will be addressing before the device ships out on April 21.

Whatever be the case, the Galaxy S8 and S8 Plus do offer other security tools, including IRIS scanning and fingerprint scanning, as well, so you'd rather use these security features to unlock your device, or simply your passcode; instead of the facial recognition, for now.

Friday, March 06, 2015 Swati Khandelwal

bypass hack IRIS Biometric Security Systems
Biometric security systems that involve person's unique identification (ID), such as Retinal, IRIS, Fingerprint or DNA, are still evolving to change our lives for the better even though the biometric scanning technology still has many concerns such as information privacy, and physical privacy.

In past years, Fingerprint security system, which is widely used in different applications such as smartphones and judicial systems to record users' information and verify person's identity, were bypassed several times by various security researches, and now, IRIS scanner claimed to be defeated.

Don't worry! It's not like how they do it in movies, where an attacker needs to pull authorized person's eye out and hold it in front of the eye scanner. Instead, now hackers have finally found a simple way to bypass IRIS Biometric security systems using images of the victims.

The same security researcher Jan Krissler, nicknamed Starbug, from the famous Chaos Computer Club (CCC), who cloned fingerprint of a Germany's federal minister of defense using her pictures taken with a "standard photo camera" at a news conference, have claimed that the same technique is possible to fool IRIS biometric security systems.

Back in December, at 31st Annual Chaos Computer Conference in Hamburg Germany, Krissler explained how he used a close-up photo of Ms Ursula von der Leyen's thumb taken from different angles and created an accurate thumbprint using commercial fingerprint software from Verifinger.

Krissler then created an accurate clone of the minister’s thumb print, though he wasn't able to verify whether the clone matched with the copy of von der Leyen’s thumb, as he hadn't gotten her permission to carry out his further tests.

However, in an upcoming talk at the Vancouver-based security conference this month, Krissler will detail how the similar thing can be done with eyes simply by using pictures gathered from the Internet.

IRIS SECURITY SCANNER HACK DEPENDS UPON:
He told Forbes that the attack depends on a number of factors, such as-
  • Target’s eyes must had to be bright because of the way the infrared-based system his company bought for Krissler used light.
  • The image should be large and expanded.
  • Image of the iris with diameter of 75 pixels.
  • Print out should have a resolution of 1200 dpi
The major difference between the two technique is that unlike fingerprint biometric security systems bypass that requires to create a proper clone of the finger, IRIS recognition hacks only need is the print out, the researcher claims.
"We have managed to fool a commercial system with a print out down to an iris," Krisser told Forbes. "I did tests with different people and can say that an iris image with a diameter down to 75 pixel worked on our tests. The print out had to have a resolution of 1200 dpi too, though it’s easy to find printers able to hit that specification today, and ideally at least 75 per cent of the iris was visible."
So, an attacker willing to carry out this kind of attack just needs a high definition picture of the target person with a lovely bright eyes, and unsurprisingly, there are a vast number of high quality images of some of most powerful personality in the world are available on the Internet.
putin-eye-scan
A simple search on Google Images can provide you with a number of attractive targets from the political world, including Russian president Vladmir Putin, Hillary Clinton and UK prime minister David Cameron.
obama-eyes
Krisser found an election poster of Angela Merkel with an Iris diameter of 175 pixels that was ideal.

Biometric Security Systems has been used in airports and other high-secure buildings for a long time to permit access to sensitive tools and information.

Though many of these biometric security products offer great promises, but hackers and criminals will not just give up their self-enriching efforts to defeats every new technology.

Newsletter Subscription

Subscribe to our newsletter and get all latest hacking news, free eBooks delivered to your inbox.

Join Over 450,000 Subscribers!