Galaxy S8: facial recognition deceived by a simple photo

Samsung has not disappointed with its new Galaxy S8 which offers a lot of innovations. In terms of security, the South Korean giant has put forward a triple biometric protection , especially for mobile payment via Samsung Pay, its NFC device.

Besides the fingerprint reader, Samsung added an iris scanner to validate a payment but also facial recognition. However, this last protection seems to have very quickly shown its limits.

On this video of iDeviceHelp published by Gizmodo, the user unlocks a demonstration model with a photo of his face displayed on his smartphone. In short, a simple picture of the owner’s face would circumvent protection.

Samsung recognizes the limitations of this technology and assures ArsTechnica that “facial recognition, whatever practical, can not yet be used with the Galaxy S8 to authenticate access to Samsung Pay or the Secure Folder” . A simple gadget then?

It should be said that no biometric protection is 100% safe. The fingerprint reader of the iPhone has been several times lured. At the Chaos Communication Camp in 2013, just a few months after the release of the iPhone 5, hackers demonstrated that this security was only very relative and explained how to bypass this protection by photographing the fingerprints before reproducing them at the Identical on a thin film of plastic, a process sufficient to deceive most of the sensors present on the market as well as TouchID.

For the Dashlane security editor, biometrics, prints or faces can not be used as the only protection measure. For Emmanuel Schalit, CEO of this company, “on paper it is a good tool to prevent identity theft and many frauds. You can steal my credit card or my passwords but do not Can not steal my fingerprint … But now we know that biometric authentication can be pirated like any other form of authentication. ”

“Then there is a big drawback: unlike passwords, biometric data can not be changed in case of hacking, if you are robbed of your fingerprints, you can not replace them with new ones. And if all your accounts are protected by the same biometric information, they may all become vulnerable at the same time. There are other limitations to the use of biometric data: they can not be shared and can not be made anonymous But the sharing and the anonymous use of identifiers are more and more widespread on the web … ”

Conclusion of the expert:Biometrics is relevant to adding an additional authentication factor for multi-factor authentication, but it is unlikely that it will succeed the password as a standard for all sites, We want to make us believe. “In short, the good old password still has good days ahead