Site icon Sophos News

Fujitsu ships first phone with eyeball-scanning authentication

Fujitsu ships first phone with eyeball-scanning authentication

You don’t have to read Japanese to glean Fujitsu’s point in the video ad for its new mobile phone: frowning, furrowed-brow people locked out after forgetting their passwords get smiley after their phones scan their irises to authenticate them and unlock.

Fujitsu is claiming that its new phone, the Fujitsu Arrows NX F-04G, is the first in the world to use iris scanning to replace passwords or fingerprint readers.

Iris scans are thought to be a worthwhile means of biometric authentication given that our irises are, as far as we know, unique.

Fujitsu might be the first to put an iris-scanning phone on the market, but it will probably be a close race, given that just about everybody in the mobile phone world is thought to be looking into iris scanning for authentication.

That includes Samsung, which isn’t using iris recognition for login, but instead seems to be looking to offer the feature on specially customised devices to help security staff and similar identify other people.

The Register reports that Fujitsu’s phone, first displayed at Mobile World Congress earlier this year, has a front-facing camera that doubles as a biometric iris scanner to replace passwords for operating the phone and its apps.

As the demo video shows, the software zooms in on the irises, matches them to the version stored internally, and then grants (or denies) access.

The Register’s Iain Thomson noticed that the camera specs seem a bit switched around: the back-facing camera has a 21-megapixel camera, while the iris-scanning front camera runs on a measly 2 megapixels, meaning “either the iris-scanning software is very good or someone at Fujitsu economized a little too much.”

At any rate, it is now time to sit back and wait for somebody to figure out how to trick this futuristic eyeball-scanning technology.

It will be interesting to see how long that takes, given that this and other forms of biometrics have already been bypassed with remarkably simple techniques.

One method comes from security researcher Jan “Starbug” Krissler of Germany’s well-known Chaos Computer Club (CCC).

You might remember Krissler from back in December, when he showed off a clone of the thumbprint of German defense minister Ursula von der Leyen, as created from photos of her hands, commercial fingerprint software, and glue or latex.

The CCC documented this technique for creating a “fake finger” back in 2004, and the CCC biometrics team claimed to have used it to also crack Apple’s Touch ID system in September 2013.

Krissler told Forbes that a related attack that uses high-resolution images – suitable photos of political leaders such as Vladimir Putin or Barack Obama are easily found in Google searches – can fool some iris scanners.

That opens up the door to the possibility of someone impersonating a cleared individual at, for example, a security checkpoint, by wearing a fake iris that portrays the pattern of the original trusted individual.

There are actually several ways to spoof an iris scan.

One way is a printed contact lens with a fake pattern placed directly on somebody’s eye.

Another method is a lens with a painted iris on it, and yet another is to surgically implant a colored iris in front of a person’s real iris: something done when people want to change their eye color, but also when they’re trying to hide their identity.

Then too, there’s chemically induced pupil dilation, taken to the extent that the iris pattern is rendered unrecognizable by a scanner.

Whatever the tricks available, I’m willing to bet that the CCC and others are already messing with Fujitsu’s new phone.

As always, we’ll let you know if we hear anything.

Image/video courtesy of nttdocomo.co.jp

Exit mobile version