Home Applications and software Samsung s8 irises do not work. Hackers were able to fool the iris scanner of the Samsung Galaxy S8 (video). Galaxy S8 can be turned into a desktop computer

Samsung s8 irises do not work. Hackers were able to fool the iris scanner of the Samsung Galaxy S8 (video). Galaxy S8 can be turned into a desktop computer

The first reports of “hacking” of the biometric protection systems of Samsung’s flagship smartphones (Galaxy S8 and S8+) actually occurred on the day of their presentation, at the end of March 2017. Let me remind you that at that time the Spanish Spanish observer MarcianoTech conducted a live Periscope broadcast from a Samsung event and deceived the facial recognition system in live. He took a selfie on own phone and demonstrated the result Galaxy photo S8. Oddly enough, this simple trick worked and the smartphone was unlocked.

However, Samsung flagships are equipped with several biometric systems: a fingerprint scanner, an iris recognition system and a facial recognition system. It would seem that fingerprint and iris scanners should be more reliable? Apparently not.

Chaos Computer Club (CCC) researchers report that they were able to fool an iris scanner using an ordinary photograph taken from a medium distance. Thus, the famous specialist Jan “Starbug” Krissler writes that it is enough to take a photograph Galaxy owner S8 so that his eyes are visible in the frame. Then you need to print the resulting photo and show it to the front camera of the device.

The only difficulty is that modern iris scanners (as well as facial recognition systems) can distinguish 2D images from a real human eye or face in 3D. But Starbug easily overcame this difficulty: he simply glued a contact lens over a photograph of the eye, and that was enough.

To achieve the best result, the specialist advises taking photos in night mode, as this will allow you to capture more details, especially if the victim’s eyes are dark. Chrissler also writes that it is better to print photos on Samsung laser printers (what an irony).

"Good digital camera with a 200mm lens it will be enough to capture an image suitable for fooling an iris recognition system from a distance of up to five meters,” summarizes Chrissler.

This attack may turn out to be much more dangerous than a banal deception of the facial recognition system, because if the latter cannot be used to confirm payments in Samsung Pay, then the iris of the eye can be used for this. Find high-quality photograph victims these days are clearly not difficult, and as a result, the attacker will be able not only to unlock the device and gain access to the user’s information, but also to steal funds from someone else’s Samsung Pay wallet.

Chaos Computer Club specialists warn users that they should not trust biometric security systems too much and recommend using good old PIN codes and picture passwords.

The video below illustrates step by step all the stages of creating a fake “eye” and demonstrates the subsequent deception of the Samsung Galaxy S8.

Representatives of Samsung commented on the situation:

"The company is aware of this announcement. Samsung assures users that the iris recognition technology in the Galaxy S8 was developed and implemented after rigorous testing to ensure a high level of scanning accuracy and prevent unauthorized access attempts.

The method described in the mentioned material can only be implemented using complex technology and the coincidence of a number of circumstances. You need a high-resolution photograph of the retina taken with an IR camera, contact lenses and the smartphone itself. An internal investigation found that achieving results using this method was incredibly difficult.

However, even if there is a potential vulnerability, the company’s specialists will make every effort to ensure the security of users’ confidential and personal data as soon as possible.”

The Galaxy S8 and S8+ have three biometric sensors: a fingerprint scanner, an iris scanner and facial recognition using the front camera. They are used for user authentication for different purposes, although some of their capabilities are duplicated.

Fingerprint scanner

The fingerprint scanner is used in the Galaxy S8 and S8+ to unlock the screen (including in conjunction with entering a password), as well as to confirm identity in applications and to confirm payments (in Google Play, Android Pay, Samsung Pay and other services).

Previously, Samsung placed such a scanner on the front, but on new smartphones it is located on the back next to the camera. Samsung probably understands that this is not a good solution, so it even included a reminder in the camera to periodically clean the camera lens (which can get dirty when the user tries to fumble the scanner).

Iris scanner

Like fingerprints, the iris pattern is unique to each person. This scanner replaces fingerprinting and has a number of advantages - for example, there is no need to touch the device (which can be critical when your hands are dirty or damp). This scanner allows you to unlock your smartphone, verify Samsung account, as well as login to applications and websites. It also has disadvantages - slowness of operation and low accuracy of user recognition.

Front camera with face scanner

Face scanning is the newest and most promising technology. According to Samsung, it allows you to unlock the smartphone instantly (in 0.1 s), and the user’s face can be at a great distance from the front camera.

Currently, face scanning is used to unlock a smartphone and replaces entering a PIN code, password, or graphic code. Samsung is not entirely confident in the security of this technology, so it cannot be used to confirm payments in Android Pay and Samsung Pay. It is unlikely that it will be possible to deceive this scanner using an ordinary photograph, but this does not mean that hackers will not invent ways to bypass the protection - for example, using a three-dimensional image or a mask.

Why couldn't Samsung get by with one scanner for all situations? This is probably what this is all about. It is possible that the next flagships will use only one of the currently available scanners, but there is also a possibility that the company will combine several technologies, and biometric protection will analyze several parameters at once, which will significantly increase its reliability.

Face and iris recognition on the Samsung Galaxy S8 is one of the most sensational and controversial innovations. How does this functionality work? Is it convenient and can it be used? I will try to answer these questions based on the month of using the device.

Samsung S8 Face Recognition

It’s not very clear why people are so excited about facial recognition - this feature has been available for a long time and in many phones. No one hid the fact that face blocking is done using a photograph; moreover, the phone contains a corresponding warning about the low reliability of this method. The question is, who needs to open the phone with your photo? For most owners, this threat is in the realm of theoretical horror stories.

The main drawback of face recognition on the Samsung S8 is its poor recognition in low-light conditions. Since the Samsung S8 uses a regular camera rather than an infrared one, face recognition starts to fail at dusk and doesn’t work at all in the dark. In addition, the camera does not recognize a face well if part of it is covered by glasses, or a strong shadow falls on half of the face (for example, from a cap), or you laugh wildly (the shape of the face is greatly distorted), etc.

Pros - in comparison with retinal recognition (see below), the face is recognized at larger angles and at a greater distance (up to 70 cm). I would especially like to note that not only the angle between the face and the phone is larger, but also between the surfaces of the face and the surface of the phone.

The second plus is the recognition speed. In good lighting conditions, the phone will unlock almost instantly.

The presence of a virtual home button on the Samsung S8 allows you to unlock the phone with your face without lifting it from the table. In this case, you need to tilt your head slightly towards the phone or even just look at it. The closer the phone on the table is to you, the faster and more confidently the recognition occurs.

The first tip is that since the Samsung S8 captures a flat image, when registering a face, take the photo slightly below, this is the position in which your face will most often be in relation to the smartphone. You don't have to shoot at eye level. In general, if you have problems with recognition, experiment several times.

The second tip is that facial recognition is faster if you look at the camera, at the top of the phone, and not at the smartphone screen. In extreme positions, the smartphone may not recognize a face at all or may take a long time to recognize if you look at the center of the screen. You just have to look up and recognition “happens.”

Accelerated recognition or normal?

"Normal" recognition by Samsung information it is more protected from “hacking”, but it works significantly longer than the “accelerated” one and is more critical to the orientation of the smartphone relative to the face. In my opinion this is not an option. By default, "accelerated" face recognition is offered.

If you are so concerned about safety, then it is better to use an eye scanner.

Samsung S8 iris recognition

Iris recognition technology is only gaining popularity in the world. It also does not guarantee 100% protection; it is theoretically possible to bypass it, but it requires significant resources (as is the case with bypassing facial recognition in the iPhone X). Hardly to the average user it's worth worrying about.

The main advantage is that it works in any lighting conditions, since the camera is infrared. It works quite quickly, although the speed greatly depends on the position of the face and smartphone relative to each other. You can completely cover your face, leaving only your eyes, this will not affect recognition in any way.

Of the minuses:

The viewing angle and distance for camera reading are smaller than for face recognition; accordingly, the smartphone must be held closer and straighter. A slight tilt of the head and the eyes do not fall into the lens. If recognition does not work, a video hint may appear on the screen - your face and circles where you need to direct your eyes.

In ordinary diopter glasses it only works when the smartphone is placed in front of the eyes. In plain lenses there is also a slight decrease in recognition.

If the phone is lying on the table, then you need to hang over the phone in a sense so that the pupils fall into the camera's field of view and the phone unlocks. Not an option.

Advice - to unlock it, it is best to look at the red LED, which turns on when scanning the iris, since it already attracts the eye.

This habit is developed quickly and significantly increases the speed of unlocking your phone.

Where do recognition unlocks most often fail?

The main problem area, as iPhone X owners note, is the car. The need to raise the phone to your face, and in the case of Samsung, added interference in the form of glasses and poor lighting conditions - all this makes recognition difficult. However, my car is included in the list of trusted devices and the phone is not blocked in it, so there is no need to recognize anything.

Fingerprint unlocking.

If recognition does not occur, you can unlock the phone using a PIN code (pattern) or fingerprint. Fears about the lens being extremely dirty are greatly exaggerated. I don’t know about anyone, but with my long fingers it’s physically inconvenient to miss the scanner and get into the lens. When you take the device, your finger immediately falls into the “right” place. However, it seems that in my case this is helped by a thin protective bumper placed on the smartphone - the place for the fingerprint scanner is separated by a side and it helps not to make mistakes.

Let me summarize

Both types of recognition in Samsung S8 do not work perfectly. In 40% of cases the phone unlocks quickly, in 20-30% you have to slightly reposition (slightly change the tilt or position) the phone or head. In the remaining cases, either strong repositioning occurs, or unlocking occurs with a fingerprint.

Face scanning works faster and in larger ranges based on the placement of the smartphone relative to the head; iris scanning is more reliable and works in larger ranges based on lighting conditions.

iPhone X vs Samsung Galaxy S8 recognition

I can’t compare one to one with iPhone X recognition, I don’t have it. There are demo samples in stores, they do not allow you to “sew your face” into the system. FaceID can only be checked in demo mode by pressing a button.

In this demo mode, under normal lighting conditions of the sales floor, facial recognition of the Samsung Galaxy S8 works almost instantly, iris scanning is often faster or on par with the iPhoneX. Once again, I couldn’t test it in combat mode.

In general, it should be noted that recognition in iPhone X should be implemented better due to the use of more modern technologies. It will be an advantage when working in poor lighting conditions, in cases where the eyes or face are partially closed.

Certain minus iPhone I think there is no fingerprint scanner. There are times when you need to secretly unlock your phone without lifting it to your face; a finger scanner comes in handy in this situation.

However, it seems to me that the very idea of recognizing a face or iris will still not work 100%, since it is demanding on the positioning of the smartphone relative to the face. As soon as it is possible to make a normal fingerprint scanner built into the screen, manufacturers should return to this solution and will use them together. Statistics show that 60% Samsung owners S8 continues to use a fingerprint scanner as the main unlocking method, the rest use scanners or combine both methods.

In general, I can write a separate report about the Samsung Galaxy S8, if you have questions, write, I will answer.

Not long ago a new Samsung flagship Galaxy Note 7. One of his key functions It became possible to unlock the device by scanning the iris of the eye.

What does the general scheme of iris scanning look like?

The iris of our eyes, like a fingerprint, has its own unique pattern. Therefore, it is a convenient means of authentication. Biometric civil passports, if you remember, record exactly this information, because unlike a fingerprint, it is not yet possible to fake an iris. Moreover, it does not change over time.

However, the scanner does not just take a photograph of your eye and then compare it with the original. In practice, the procedure begins with a directed infrared ray near spectrum. This light is much better for identification than daylight, because it is easier for the camera to capture the iris pattern illuminated by IR light. In addition, such a scanner can work in the dark. In this case, even people with poor vision can undergo the iris identification procedure, since the IR beam passes freely through transparent glasses and lenses. After the iris pattern is fixed, the algorithm translates the iris pattern into code, which is compared with the existing database.

Capturing an eye image - resulting image - identifying the iris and eyelid - selecting this area - removing the eyelid from the image - normalizing this area - transcoding - comparison with the database

What is special about the Samsung Galaxy Note 7 scanner?

For the most part, the scanner of the new phablet from Samsung works according to the scheme described above; an interesting detail is that on the front panel of the Galaxy Note 7 there is a camera that deals exclusively with iris recognition. Why front camera can't perform this task? Because the camera must be sensitive to the IR spectrum. IN regular cameras IR light is filtered because it spoils regular photographs. In addition, the reading camera has a narrower viewing angle to better see the user's eye, especially at a distance.

How safe is it?

Some users have expressed concern that such a scanner in the Samsung Galaxy Note 7 may be unsafe, in particular whether its frequent use will lead to permanent eye damage. Such questions are quite reasonable, because to scan, the smartphone sends a beam of light directly into your eye, and since this light is invisible to humans, the pupil does not try to protect itself from it, so the light hits the retina without encountering any obstacles.

In fact, we cannot be 100% sure that frequent use of the Samsung Galaxy Note 7 iris scanner will not have some effect on our eyes. If an optometrist is reading this article right now, we'd love to hear your expert opinion on this matter.

The company itself warns users that there is no need to hold the smartphone too close to your eyes during identification, if you follow this warning everything should be fine. However, since iris readings are not that common, mass testing and human-based results are not yet available. When they appear, it may be too late to warn anyone, or maybe vice versa - confirmation will come that the function is completely safe.

Is this the same as a retinal scanner?

If you are confused, let me clarify, scanning the iris and retina are similar processes, but differ in the basic principle. When scanning the retina, the algorithm does not read the retinal pattern, but the fundus image. But for everyday use it is much easier to use an iris scanner, since to read the retina the device must be brought close to the eye. In the case of a smartphone, this would look very stupid.

Why is this necessary?

Smartphones have had fingerprint readers for a long time; they are fast, reliable, secure and cheap enough to be installed even in Chinese smartphones less than $200. Why do we need iris scanners then? Mainly because they are several times more reliable and safe. The main argument is that we leave fingerprints on almost every surface we touch, which means it’s much easier to get a copy of the fingerprint. At the same time, wet and dirty fingers are often difficult for the device to recognize. It is extremely difficult to obtain a copy of the iris, and the inside of the eyes is never stained with dirt, so it is much easier for the owner to use authentication in any conditions. Although, in the movies they have long come up with a way to bypass this protection:

Does technology have a future?

I believe that the Samsung Galaxy Note 7's scanner will not make it a hit. Yes, this technology works and you can show it off to your friends, but for most, using a fingerprint scanner will be enough. However, it is possible that the new product will be appreciated primarily by the corporate segment, which needs to protect information on their smartphone better than others. For ordinary people, I think, it will be too lazy to bring the smartphone to a certain distance, while still performing the necessary actions. But this does not mean that Samsung will not develop the technology or that it will suddenly not take off and even migrate to the iPhone. This serious toy has a chance.

New product from Samsung. Flagship Galaxy smartphone The S8 came out and impressed many. It was followed by the equally impressive Galaxy S8 Plus. Of course, Apple will respond to Samsung's success with its own new products, but until this happens, we can highlight ten features that will be available to owners of the new Galaxy that are not available to iPhone owners.

1. Retinal scanner

This feature allows you to unlock your smartphone with a simple glance. Dirty and wet hands are no longer a hindrance. The feature debuted on the Galaxy Note 7, but the device had to be recalled. Buyers of the Galaxy S8 and Galaxy S8 Plus will be able to try out the capabilities of the retinal scanner.

2. Face recognition

In addition to the retina scanner and fingerprint scanner Samsung fingers added a face recognition feature. You can also use it to unlock your smartphone. Unfortunately, to do this, it is enough to have a photo of the owner of the smartphone. However, it is noted that facial recognition works much faster than biometric scanners.

3. Large curved screen

Galaxy S8 has a 5.8-inch display. Galaxy S8 Plus was equipped with a 6.2-inch display. Both displays occupy almost the entire front panel of the smartphone and have curved edges. Nothing like it on the iPhone at the moment No.

4. Fast charging And wireless charging

These two functions no longer surprise Galaxy users, but Apple smartphones these technologies have not yet been implemented.

5. 3.5mm jack

Yes, iPhone 7 owners are deprived of the ability to use regular headphones or connect their smartphone to a stereo system using AUX. IN new Galaxy the connector remained in place.

6. Samsung Pay works with any terminals

Apple Pay is incredibly convenient payment system, when terminals in stores are equipped with NFC. Samsung Pay works with old and new terminals.

7. Own platform for virtual reality

Samsung has a VR headset for the Galaxy S8, a controller and its own content consumption platform, created in partnership with Oculus.

8. Heart rate sensor

Even in the Galaxy S5, a heartbeat sensor appeared next to the flash. Samsung likes it, and the Galaxy S8 also has it, in the same place.

9. Galaxy S8 can be turned into a desktop computer

Using Samsung DeX, you can connect a monitor, keyboard and mouse to the Galaxy S8. You can work with your applications and data using a desktop interface with window support.

10. Bixby can search photos for information

Bixby is Samsung's smart assistant. Much of what Bixby can do, Siri can do too. However, you can use Bixby to find information about a photo. For example, you can take a photo of a product, and they will tell you where you can buy it.

Based on materials from Business Insider

Setting up and optimizing operating systems