For those who value their privacy, Samsung might be making it a little harder for someone to break into your phone. If you've ever configured your smartphone to offer up that 6-digit entry code, you'll be pleased to know that the conglomerate has its eyes set on retinal scanning technology. But as we approach the release of the Galaxy Note 7, scheduled to be revealed on Tuesday in New York, London, and Rio, it's fitting to wonder exactly how secure this relatively new breed of biometrics might be.
The concept of utilizing iris scanners to unlock phones is not exactly novel. In fact, it's old news for ZTE, a China-based multinational telecommunications company that released the ZTE Grand S, which featured retinal scanning in the form of the "Eyeprint ID," last March. As the name suggests, ZTE's Eyeprint ID scans both eyes to allow users entry into their phone.
"Last year, we put a lot of focus on biometric security in smart phones to introduce different ways of using your biometric data," Waiman Lam, ZTE's VP of Mobile Devices, told Motherboard.
Biometrics and consumer technology have long gone hand in hand. Apple has featured fingerprint scanning through "Touch ID" in its iPhone since 2013. While such technology has proven to be reliable, it is not always the safest option. If you've ever seen a crime show before, you will know that fingerprints can quite easily be lifted and copied. Researchers have outlined the process into a few surprisingly simple steps. Thus, it is safe to say that a fingerprint-based security system is certainly not impenetrable. Jeremy Gillula, the Electronic Frontier Foundation's Senior Staff Technologist, spoke to this worry.
"The security concern is that if you're just using the fingerprint to unlock your phone and you keep it locked just because you're worried if you lose it some random person off the street might get into it, you probably don't have much to worry about," Gillula told Motherboard. "But if you're a journalist covering a controversial story or a politician...just locking your phone with your fingerprint is probably not going to keep it very secure from somebody who really wants to get in."
ZTE's "Eyeprint ID" sought to meet this threat by offering a more secure alternative. In theory, this feature seems like the perfect security substitute, but, unfortunately, certain characteristics thwart it from being granted the same reliability as fingerprint scanning. After its initial launch last year, ZTE noted some obvious flaws in its functionality. Retinal scanning only worked under certain lighting and distance to camera played a major role in its finicky nature. It is notable to mention that the company did not launch any other devices offering Eyeprint ID in their new lineup of smartphones this year.
"I think the technology last year was still a little, I wouldn't say premature, but [it was] kind of hard to use from the user's perspective...From the user capability point of view, [Iris scanning] is not as user-friendly or as easy as the fingerprint," Lam told Motherboard. "So, I think the technology still has improvements."
Yet, even if Apple or Samsung were to resolve all of Eyeprint ID's kinks, the question still remains whether or not retinal scanning would sufficiently secure a phone.
"Iris scanners can also be fooled," Gillula informed Motherboard. "If it's something where it's a sensor taking input from the environment, people will find a way to fool that sensor."
Iris scanners, along with other biometric applications, are indeed susceptible to foul play. However, this is not to say that retinal scanning is of no use. ZTE allows for various biometrics, fingerprints, Eyeprint ID, and voice recognition, to be used in conjunction with each other. The value of such security measures are best observed in layers. Of course, the more security steps the user installs, the less likely their phone's data is to be compromised.
"Someone may be able to steal your password remotely, but they can't necessarily steal your fingerprint [or iris print] remotely," Gillula told Motherboard.
And if the reports are true, and Samsung and Apple (in 2018) will allow passcodes, fingerprints, and retinal scanning to function in unison. For while iris scanners alone will not transform your smartphone into a digital Fort Knox, a multi-layered security system would be enough to stump most snoopers.