It didn’t take much time for hackers to bypass the iris recognition security system of Samsung’s latest flagship phones.
This raises questions about how exactly users can protect their phones. After all, some of the most advanced means of biometric security have already been outwitted – including fingerprint scanning.
CompareGuru takes a look at how hackers defeated Samsung’s iris technology, and alternative ways users can protect their phones in light of this news.
How did hackers bypass iris tech?
The flaws in Samsung’s iris recognition technology were revealed by the Chaos Computer Club (CCC) – a group of hackers based in Europe.
The hackers found that a night mode photo of an S8’s owner, a printer and a clear contact lens were enough to fool the system.
The experiment was conducted under controlled conditions. But the hackers have warned that a high-enough resolution image from someone’s social media profile could be enough.
The hackers just printed out a close-up of their volunteer’s eye and applied a clear contact lens over the image. When they presented the image to the Galaxy S8 (on which the volunteer had registered his real eyes), the phone unlocked.
The method through which they bypassed the phone means that it’s unlikely an anonymous hacker will try to gain access to your data this way. However, it is a perfect method for a nosy partner or greedy acquaintance.
Samsung has said they are looking into the situation after CCC uploaded a video of their trick.
The group has also previously bypassed Apple’s TouchID fingerprint recognition system.
So how can I protect my phone?
CCC’s experiment doesn’t mean you have to disavow biometric security for your phone, but it does show consumers that these solutions aren’t infallible.
There are a variety of alternative ways you can protect your phone. See them below…
If you are still worried about protecting your phone’s data, you can implement some older security solutions, such as a simple PIN code.
Using a random sequence of numbers is still one of the best ways to protect your phone – especially six-digit passcodes. Of course, using your year of birth or a predictable sequence (such as 1234) significantly reduces this security.
You can also enable two-factor authentication or a combination of security features. For example, most phones will ask for two methods of security input before starting your phone after a reboot. You can choose a variety of combinations – pin and pattern, pattern and fingerprint, pin and iris, etc.
If you really want to up the security, you can require this combination of inputs whenever you unlock your phone. However, this does come with an element of inconvenience.
While encryption isn’t new-age technology, it is something many users still haven’t implemented on their phones.
Smartphone companies like Samsung now provide a secure, encrypted folder for your sensitive data. This type of folder is included in the Galaxy S8 and S8+.
However, if your phone isn’t one of the latest flagships, you may have to opt for an encryption app which creates a secure folder for you. This means that even if hackers get access to your phone, there is still another layer of security protecting your encrypted files.
Anti-malware software for phones
While PINs and other security features for unlocking your phone protect your information when your device is stolen, there is a significant risk of hackers gaining access through other means.
Most cybercriminals will rely on digital methods to access your phone – such as installing Trojan malware on to your device.
This malware acts as a back door which cybercriminals can use to take over your phone and track your data.
This kind of malicious software usually makes its way on to users’ phones through dodgy apps, phishing schemes and even malicious sites or adverts on the internet.
You can take preventative measures to reduce the risk of this happening:
Do not click on any unknown links in emails and messages
Don’t input information on unsecure sites. Secure sites have “https://” in their URL, while unsecure sites only have “http://”
Only install trusted apps through verified stores (such as the App Store)
Use an ad-blocker on your mobile browser.
However, there are also more anti-malware programs being released specifically for mobile devices. You should consider installing a comprehensive app in order to protect your phone, should it risk infection.
Brought to you by CompareGuru