Following the news that a group of hackers is claiming to have beaten the iris scanner on the Samsung Galaxy S8 smartphone, IT security experts from Positive Technologies and Comparitech.com comment below.
Alex Mathews, Lead Security Evangelist at Positive Technologies:
“Any new high-profile security technology, such as the biometrics on the Samsung, is like a red rag to a bull for the cybersecurity community. It invites curious minds to try and figure out where vulnerabilities lie – so they can be fixed. Doubtless the security teams at Samsung will take this report into account when developing the next iterations of such technology. This is why the relationship between the cyber security research community and manufacturers is so valuable.”
Lee Munson, Security Researcher at Comparitech.com:
“The password is dead! Long live the password!
Security experts have long proclaimed the end of the humble password as a means of authenticating someone’s identity, primarily because they want to see the back of something that causes so many headaches.
The oft trumped alternative is biometrics – utilising anything from a heartbeat to a fingerprint – to prove identity.
In theory, such a system sounds ideal as voices, pulses and swirls on digits cannot be cracked by a software tool, or brute forced by someone with time on their hands.
Biometrics are, however, often a weak solution, as we have seen with the Samsung Galaxy S8 that can be fooled by a photo and a contact lens, online banking systems tricked by a twin’s voice, or numerous fingerprint scanners with a weakness for imprinted gummi bears.
Thus, for now at least, we are left with the password, with an onus on companies to block weak passwords and implement two-factor authentication, and users who should take advantage of password managers to construct complex and lengthy credentials that are not reused across many sites.”