Biometric Authentication Under Fire After Samsung Galaxy S8 Iris Scanner Hack | Be Korea-savvy

Biometric Authentication Under Fire After Samsung Galaxy S8 Iris Scanner Hack


Major banks in South Korea, including Shinhan, Kookmin and Woori banks, have adopted iris scanning for personal authentication, while credit card and securities companies are also evaluating the introduction of similar technology. (image: KobizMedia/ Korea Bizwire)

Major banks in South Korea, including Shinhan, Kookmin and Woori banks, have adopted iris scanning for personal authentication, while credit card and securities companies are also evaluating the introduction of similar technology. (image: KobizMedia/ Korea Bizwire)

SEOUL, May 26 (Korea Bizwire) – The recent news of the Samsung Galaxy S8’s iris scanner hack came as quite a shock to South Koreans, who have seen a growing number of commercial banks adopt the new biometric authentication method for their mobile banking services. 

According to reports, the German Chaos Computer Club (CCC) fooled Samsung’s iris scanning technology using nothing but a digital camera, laser printer, and a contact lens. 

In a video released by the CCC earlier this week, hackers took a photo of the subject’s face, printed the image and superimposed a contact lens on it, and then pointed the image towards the smartphone. Like magic, the phone unlocked, easily disproving Samsung’s claims of it being “virtually impossible to replicate.” 

Biometric authentication is increasingly being employed as a commercial security method instead of more innocuous uses such as unlocking smartphone screens. Major banks in South Korea, including Shinhan, Kookmin and Woori banks, have adopted iris scanning for personal authentication, while credit card and securities companies are also evaluating the introduction of similar technology.  

Voice recognition, essential for speech recognition services, is another biometric source being experimented on by local tech giants like Kakao and Naver, but is also vulnerable to malicious attacks. The Economist reported in April that a cloned voice based on five minutes of speech retrieved online was able to cheat biometrics software more than 80 percent of the time. 

Despite growing reports of biometric hacks, most local experts are against the idea of giving up biometric authentication altogether, arguing that there are few potential replacements that are as convenient and secure. 

“(Most of the problems we’ve seen) can be overcome by improving the accuracy of the sensors, or by using other security means together with biometric authentication,” said professor Lim Jong-in at Korea University’s School of Information Security. 

Acuity Market Intelligence anticipates all smart devices will be equipped with biometric authentication by 2020, with revenues expected to reach $34.6 billion. The South Korean biometrics market was estimated at 180 billion won ($160.7 million) in 2015.

By Lina Jang (linajang@koreabizwire.com)

One thought on “Biometric Authentication Under Fire After Samsung Galaxy S8 Iris Scanner Hack

  1. Sillie Abbe

    It’s really worrying that so many people are still so tragically misinformed. Biometrics should not be brought in where you need to be security-conscious.

    Authentication by biometrics comes with poorer security than PIN/password-only authentication. This video explains how biomerics makes a backdoor to password-protected information.
    https://youtu.be/5e2oHZccMe4

    Also there is an interesting discussion about this issue on Payments Journal
    http://www.paymentsjournal.com/Content/Blogs/Industry_Blog/35382/

    Reply

Leave a Reply to Sillie Abbe Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>