Samsung unveiled the Galaxy Note 7 on Tuesday and its latest phablet comes with an iris scanner that can unlock a user’s phone.
But it’s not the only form of security available: users can authenticate with a fingerprint or traditional PIN code. With researchers working hard to crack fingerprint scanners, it looks like Samsung may have outsmarted the competition on security. As with most things, though, there are some caveats.
Samsung’s iris scanner is straightforward enough: an infrared camera is combined with a proximity sensor to take an accurate reading of the device holder’s iris. The technology works when there’s 25 to 35 centimeters of distance between the two. When it gets an accurate reading, it checks against the locally-stored scans to see if they match. If so, it’s open sez me, and the phone unlocks.
The iris scanner solves one of the biggest issues with fingerprints. When Touch ID first launched in the iPhone 5s back in 2013, it helped popularize biometric finger scanning on mobile devices. Today, the fingerprint may not be as secure as it once was, with thieves and cops both researching ways to copy a user’s prints and grant access.
In March, Michigan State University researchers announced that they’d discovered a way to bypass a fingerprint lock with an inkjet printer. Using electrically conductive ink from Japanese company AgIC, the team was able to gain access using materials that cost less than $500. You need a high resolution, 300dpi image of the fingerprint, but researchers claimed that a photograph could do the trick.
Only last month, police approached researchers asking them to 3D print a murdered man’s finger to grant device access. The man was a suspect in a previous case, so the authorities could supply his file prints to the researchers.
So iris scanning is more secure, right? Not necessarily. Black Hat USA researchers found in 2012 that there may be a way to spoof commercial recognition systems. The Note 7 has only been revealed for a few hours, so until hackers get their hands on it for long enough, it’ll be hard to say for sure how easy it is to crack. Iris scanners aren’t 100 percent foolproof, though.
There’s also other problems that both iris scanning and fingerprints share. There’s a legal argument over whether fingerprints are protected by the U.S. Constitution’s Fifth Amendment. A Virginia judge ruled in 2014 that handing over a passcode is self-incrimination, but this does not apply for fingerprints.
That doesn’t mean we have to throw in the towel just yet. One way to avoid defeating biometric security is by focusing on behavioral patterns. We swipe, walk, and talk in unique ways, and it can be harder to mimic a habit than it can be to directly copy biometric data.
Any extra ways smartphone makers can add identifiable information into the unlock process can help, but in many ways it feels like manufacturers are playing a cat-and-mouse game. At least there’ll always be the Note 8.