Companies push biometric authentication despite glaring vulnerabilities
May 13, 2015
Japanese cellphone manufacturer NTT Docomo is set to launch a new smartphone later this month complete with iris-scanning authentication.
Produced in conjunction with fellow technology manufacturer Fujitsu, the Arrows NX F-04G smartphone will utilize a user’s iris pattern to carry out a multitude of tasks.
Captured using both the phone’s infrared camera and LED, the iris scan will allow a user to unlock their device, confirm payments, and access several built-in Docomo services.
A promotional video from Docomo featuring disgruntled password attemptees boasts the phone’s convenience and security.
“Have you had trouble with a password?” the video asks.
According to the International Business Times, the feature gives users greater peace of mind than fingerprint scanners used on other leading smartphones.
“Unlike fingerprint scanners such as those found on the Apple iPhone 6 and Samsung Galaxy S6, the iris scanner lets users unlock their phones without the need to take off their gloves or worry about unsavory characters making copies of their fingerprints,” the Times reports.
Although security researcher Jan Krissler was able to successfully recreate the thumbprint of Germany’s federal minister of defense last year using publicly-available photos, a more recent hack by Krissler also produced a similar method for bypassing iris scans as well.
Using high-definition photos from a simple Google search, Krissler was able to fool a commercial iris-authentication system with a mere print out of an eye.
“I did tests with different people and can say that an iris image with a diameter down to 75 pixel worked on our tests,” Krissler told Forbes.
While passwords contain innumerable issues as well, technology experts are hesitant to rely solely on biometrics.
“People are wary of the fingerprint. They’re wary of the eyeball scan,” David Kane, CEO of global security company Ethical Intruder, told Government Technology. “It already has been proven with biometrics that if somebody can lift your fingerprint they can enter your print-protected accounts.”
Despite the issues, several major US-based businesses including Google still plan to embed biometric-based features into future products.
This article was posted: Wednesday, May 13, 2015 at 5:36 pm