The Latest Smartphone Security Innovation Isn’t As Secure As You'd Think

As cool as the current security tech may seem, intruders could still break into your phone

Smartphone security started off with traditional means which included numeric passwords and pattern drawing. These were and still currently are essential in keeping your phone secured from being accessed by thieves or busybody relatives.

As smartphone innovation evolve, so does its security. First was the introduction of fingerprint scanners, iris scanners, and now facial scanners. All of these seem like tech from an awesome spy movie, and is more than enough to make you feel like a real life James Bond or Ethan Hunt. However, like the films, there are actually ways to bypass them. Some methods are even ridiculously easy to pull off. Feeling more like Johnny English now?

Fingerprint Scanners

Fingerprints are exclusive and unique to an individual. It’s proven so far that there could never be another person in this world who would share one that is similar to yours. Not even your evil twin! However, it is still possible to replicate it by using a simple tool: tape. Yes, just like in the movies, all the intruder is required to do is identify which finger you use to unlock your phone with, and extract it with tape from the last item that you’ve touched with said finger. All that’s left is to apply the tape on the scanner, and they’re in. Cue heist movie theme song and a cheesy one liner here.

Surely phone companies have innovated to improve the technology, right? That’s correct, and recently Samsung implemented a new ultrasonic fingerprint sensor in their latest flagship, the Galaxy S10 Plus. What the sensor does is transmit an ultrasonic pulse against your finger which bounces back from the ridges, pores, and other details unique to your fingerprint. This requires your finger to appear physically for the sensor to work, and a two-dimensional copy would is no bueno. Impressive right? Well, not when you have a 3D printer…

Just recently, a security researcher managed to break into his own phone with an intricate 3D printed copy of his fingerprint. This goes to show that even the most sophisticated fingerprint scanning systems could actually be fooled with enough effort given to it. This cunning bypass was also the main reason for me to write this feature in the first place.

And yes... lobbing one’s finger off and using it to unlock the phone is another method if you don’t mind the mess, you sick sod.

Iris Scanners

This security approach is probably one of the less likely to be compromised in the list, but is still vulnerable nonetheless. Both of a human’s eyes have unique patterns formed in their irises, and these are required to confirm your identity. But rather than just simply taking a snapshot of your eye, the scanner sends a beam of near-infrared light to your eye to expose the patterns for the camera to capture it. The beam even works in the dark, and could go through glasses and contact lenses.

So would a simple photograph work to bypass this security? Well, it takes a lot more than that, as proven from a video by Chaos Computer Club, a German hacking collective. The exploit requires a camera with night vision that can capture infrared light. Once a good photo of the user’s eyes are taken, it is then printed out in high resolution on paper, and finally contact lenses are then placed over the printed eyes to give curvature. After presenting the photo to the iris scanner, they were granted access. So if any of your buddies (or relatives) do own one of these cameras, you may want to be wary from now on.

Facial Scanners

Ah yes, facial scanners. It’s all the rage now with the current smartphone line-up from all of our favourite manufacturers. Some offer 3D facial recognition, and others decided to be lazy by offering that security measure as is. To unlock your phone, present your award winning mug to the camera for scanning, and the doors will open. Sounds cool, but I bet you’ve forgotten about that evil twin of yours.

At least for those that offer 3D facial scanning, it’s highly possible for a doppelganger or an actual (evil) twin to unlock your phone. The scanner’s accuracy is further doubted as demonstrated in a video uploaded by AtMaliks, where a mother’s iPhone X was easily accessed by someone whom shared almost similar facial features as herself: her son. The chances of a person to have a doppelganger is 1 in 135. It is also most likely that they’re residing somewhere else in the world, and wouldn’t be harbouring any type of agendas against you. So you can rest easy for now knowing that there isn’t an evil clone/twin out there interested in hijacking your Twitter account and post embarrassing statements as you… yet.

As for the non-3D facial scanning variant, you might as well forget that feature ever existed in your phone. “Wait. They’re using this variant in the Samsung S10, right?”, you ask. The answer is a solid yes, and it’s as useful as giving the keys to your home to a thief. All it took was a simple photograph of your face to fool the damn thing into unlocking your phone. I’m not joking. Even Samsung themselves stated that facial recognition is not highly recommended compared to other security measures provided in the S10 series. Makes one wonder why they bothered to install the scanner in the first place, while knowing that it’s actually flawed.

Don’t Panic Just Yet

Granted, the chances of your phone getting hacked with these methods are very slim and we highly doubt any brown-nosing aunt would go as far as replicating your fingerprint in tape or let alone 3D print it so she can check your filtered Facebook posts. Theft-wise, it’s just ridiculous for a phone thief to actually return to you and have your face or iris scanned and photographed in order for them to access your smartphone.

So unless you store extremely important information on your phone such as vital corporate data, or a complex combination to a security door, you can be rest assured that no one would go through extreme lengths just to unlock your phone. Unless they really really want to log-in and cancel your Spotify subscription out of spite.

With these examples, it’s apparent that flaws still exist in these so-called sophisticated security systems, and they are far from being totally secure. Traditional phone security may be less extravagant, but numeric passwords and pattern drawing are still top of the line, as far as we’re concerned. Plus, it’ll be far more challenging for the intruder to figure out the correct bloody combinations.