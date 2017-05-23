Our expectations of what it takes to get into our phones have been set too high.
The Galaxy S8's iris scanning is quicker and more accurate than when it debuted (for a short period) on the Galaxy Note 7, saving us from using the fingerprint sensor every time we want to unlock the phone. But it doesn't guarantee your phone can't be accessed by an unwanted person, as the Chaos Computer Club has easily demonstrated.
The CCC shows how it could simply take a photo of a person's eye — with up to a 200 mm lens from 15 feet away, it says — and then print it out on typical paper, cover the paper with a wet contact lens to mimic an eye and instantly gain access to the phone. With a sufficient amount of time and complete access to the phone, you could theoretically unlock any Galaxy S8 with iris scanning enabled.
Despite Samsung's claims that iris scanning is nearly on-par with a fingerprint sensor's security and far stronger than face recognition, this shouldn't come as any surprise. But in the CCC's own article on the iris scanner bypass, it links to its defeating of Apple's TouchID fingerprint sensor years ago. It has been demonstrated numerous times that other fingerprint sensors can be bypassed with a certain level of trickery and time — so how worried should you be?
Each option you have for unlocking your phone comes with trade-offs and potential risks. For most of us out there who simply want to keep our private information locked up should our phone be lost or stolen, a fingerprint sensor or iris scanner is sufficient. It's easy enough to use that we'll actually keep it enabled 100% of the time, while being difficult enough to deter the most-common threats to the physical security of the device.
The average criminal looking to steal a phone isn't printing a high-resolution image of your eye.
The average criminal or sleuth looking to steal a phone and unlock it for a quick factory reset and sale isn't taking a high-resolution photo of our eyes and printing it out. Not only would they be far better off looking over your shoulder in public to see what your backup PIN or pattern is instead, they'd just as easily throw your stolen phone in the trash when they realize it couldn't be unlocked and quickly resold. But the most important thing at that point is that all of your data is safe, because they weren't going to be willing to go through the process to get a scan of your irises or fingers to unlock it.
Yes, your Galaxy S8's iris scanner can be defeated in the right circumstances — those circumstances include a targeted attack that requires time and complete physical access to the phone. But that doesn't mean you need to move away from iris scanning or be unnecessarily worried about the security of your data when using it.
Only roughly two-thirds of modern Android phones are using lock screen security at all — we need to get that number a lot closer to 100 percent before we start nitpicking about which security form we're using and how easy it is to defeat.
Samsung Galaxy S8 and S8+
About
The Galaxy S8, and its larger sibling the S8+, are Samsung's top-end devices for 2017 meant to appeal to the general consumer and power user alike. The two phones are only differentiated by screen and battery size: 5.8 inches and 3000mAh, and 6.2 inches and 3500mAh.
The displays have a new 18.5:9 aspect ratio with a QHD+ resolution, meaning they're extra tall and narrow. Samsung moved to on-screen buttons and reduced bezel size dramatically in order to fit as much screen into the body as possible. That moved the fingerprint sensor to the back of the phones, where it sits somewhat-awkwardly next to the camera lens. Iris scanning makes its return in a new-and-improved version from the Note 7.
Though the batteries haven't increased in size from the Galaxy S7 and S7 edge, the hope is that the improved efficiency of the new 10 nm processor inside will provide some help. The processor is backed up by 4GB of RAM and 64GB of storage. Waterproofing and wireless charging are still here as well, plus a new USB-C port on the bottom. The rear camera is unchanged in terms of its 12MP sensor and f/1.7 lens, but has improved processing thanks to a new ISP and software.
Specs
|Width
|Height
|Thickness
|5.86 in
148.9 mm
|2.68 in
68.1 mm
|0.31 in
8 mm
|5.47 oz
155g grams
- Display:
- 5.8-inch AMOLED display
- 2960x1440 resolution
- 18.5:9 aspect ratio
- Dual-curve infinity display
- Cameras:
- 12MP ƒ/1.7 rear camera
- Dual-pixel phase detection autofocus
- 1.4-micron pixels
- 8MP ƒ/1.7 front camera
- Battery:
- 3000 mAh battery
- Non-removable
- USB-C fast Charging
- Qi + PMA wireless charging
- Chips:
- Snapdragon 835 processor
- Samsung Exynos 8896 processor
(varies by region)
- 4GB RAM
- 64GB internal storage
- microSD card slot
- Android 7.0 Nougat
- GS8+
- Samsung Galaxy S8+
- 6.2-inch AMOLED display
- 3500mAh battery
- 6.28 in x 2.89 in x 0.32 in
159.5mm x 73.4mm x 8.1mm
- 6.10 oz / 73g
Reader comments
Galaxy S8 iris scanner unsurprisingly bypassed with picture of an eye and a little time
i can see a concern for this however if your phone is lost and someone finds or someone that you don't know stole it from you how can they access your photo or know what you look like? The only way this would be a concern if someone closed to you friends or family stole your phone and knows how you look like. Otherwise I don't see this as a major problem. This would be the same problem with Finger scan nothing is perfect compared to pin security assuming you put more then just 4 pin numbers.
I think this is more of an issue for high-ranking corporate or government officials, or people who otherwise have clearance to secure information.
How about some deadbeat hanging out at the mall food court taking a picture of you from within a few tables (15 feet was what it took by this club) and then stealing your purse or mugging you a bit later? Picture in hand could it be unlocked? I think so.
I've basically moved to Smart Unlock with my smartwatch. The FPS location was too awkward and the face unlock and iris detection was not consistent enough to be effortless.
With Smart Unlock if my phone leaves my person then it can only be unlocked by password.
lol it's funny that you say that i had that set up with my smart watch and quickly removed that if i left my watch and my phone together that's like a double whammy. So i rather do the finger scan to unlock :)
My watch is only off my wrist while I shower (charging on it's cradle) so the thief would have to be in my family or would have to steal the watch off my wrist together with my phone. :)
"How about some deadbeat hanging out at the mall food court taking a picture of you from within a few tables (15 feet was what it took by this club) and then stealing your purse or mugging you a bit later? Picture in hand could it be unlocked? I think so."
Anything is possible. Is this going to actual be a common occurrence for thieves to take pictures of their potential victims eye? .. Doubt it. Lol..
Probably not common but in my neck of the woods, entirely possible. Gotta move quick lol.
You mention mugging... I doubt anyone mugging you for your phone will let you hang onto your watch. In the case of a mugging, using smart unlock tied to a smartwatch is much less secure than iris scanning.