Many of us store vital information on our phones, and we take them with us wherever we go. Naturally, we always try to use the latest tricks and techniques to keep our devices and data safe.
Now, let’s imagine an unlikely scenario. One day, being in a rush, you forget your precious device at home. Suddenly, you need access to critical information, but your phone is locked using iris-scanning biometric technology.
Can you, or, in this case, a friend, use a selfie photo to scan your iris and unlock your device?
Source: Wallpaper Flare
Suppose you have a clear pic, absolutely. That said, it won’t be as simple as grabbing the closest snapshot of your face and waving it in front of your phone. Even if you’re trying with a good selfie, you might still run into a few problems.
See, modern mobile phones use technology to judge whether it’s being used on a 2D photo or a real 3D eye. We say try, because, with a few simple tricks, you can easily fool your phone.
Unfortunately, you’re not the only one who can.
The Biometric S8 Iris Scanner Hack
The original ‘big hack’ happened in 2017 when Samsung released the Galaxy S8. The device included an iris scanner, and it was heavily marketed at the time as one of the safest ways to lock your phone.
At least, that was the case until members of the Chaos Computer Club quickly hacked the lock and posted a video of how they did it.
The process was relatively simple. The team took a high-quality night-mode photo, and, ironically, printed it out with a Samsung printer. Now, an S8 can judge whether an eye is a two-dimensional photo or an actual three-dimensional eye. To circumvent the problem, CCC used a contact lens to create the illusion of a curve.
One, two, three, and in those few steps, they hacked the phone’s iris scanner. The worrying implication, of course, is that any selfie can be used to recreate their success. If you consider our obsession with taking high-quality photos for social media, it’s a risk that can’t be dismissed.
Other Selfie Mobile Hacks
Over the last few years, there have been several reports and warnings about how hackers use simple tricks with selfies to fool biometric security locks.
For example, in 2017, several articles were making the rounds about how hackers can use selfies to steal your fingerprints. Everything from peace signs to waving could compromise your security.
In 2015, a writer decided to try logging into his bank account by using a video of himself to trick the facial recognition technology – and succeeded. In 2016, a research team successfully hacked several different systems by building a 3D facial model from Facebook photos.
In short, there’s a myriad of ways hackers can use your public snapshots and selfies to bypass biometric security measures.
Biometric Attacks and Security Risks
Although there haven’t been any significant updates on iris-related hacks, it doesn’t mean we’re suddenly safe from these attacks or that they haven’t been happening. In fact, there are many recent ones you might not be aware of, compromising the security of your devices.
For example, in late 2019, it was discovered that Biostar2 had put millions of users at risk. They had massive amounts of unencrypted information, including facial recognition data, usernames, passwords, and more than 1 million fingerprints. Similarly, the OPM breach resulted in the prints of 5.6 million federal employees being stolen.
If you think your device is safe, regardless of these issues, think again. The Samsung Galaxy S10 was unlocked using fingerprint impressions, 3D models, and even a few easy speed hacks you can find online.
There’s also voice recognition, but don’t rely on it to keep your device secure. Black Hat’s researchers found that, with as little as 10 minutes of randomly recorded audio, they could crack several voice authentication systems.
As much as biometrics make our lives a little simpler, they’re not infallible.
Although there haven’t been any recent reports about mobile biometric hacks, never assume that these identification methods are infallible. While the technology will likely continue to improve, hackers are rarely more than a few steps behind.
Keep in mind that, from social selfies to a few surreptitiously taken photos, you can’t guarantee someone won’t get their hands on an image of your face, fingerprints, or eyes. It’s always recommended to use more than one security measure to protect your phone, including a pin or pattern lock.
You might be tempted to try unlocking your phone by using a selfie or to ask a friend to attempt an iris scan with a photo. Before you do, remember that your mobile device contains a lot of private information, so don’t take any chances. By taking a few extra precautions you can keep your phone and personal details safe.