How iris scanners on smartphones work
It has been a huge year for Samsung. The Galaxy S7 Edge has seen Samsung’s mobile division reporting healthy profits. Now its the turn of another big Samsung big hitter, the Note 7.
The most talked about feature is the iris scanner. It uses an infrared optic system to scan the user’s iris (that’s the coloured bit of your eye) to unlock the phone.
While my time with the Note 7 was limited, I was impressed at how fast it worked.
Whipping the Note 7 out and powering it on reveals two circles on the top half of the lock-screen. These have to be lined up with the user’s eyes for their irises to be scanned.
DOES IT WORK?
So how does an Iris scanner work? is it able to be fooled? These burning questions are sparking endless amounts of debate on smartphone internet forums.
As well as the Note 7’s front-facing camera, there’s another camera. It’s an infra-red shooter which means Iris scanning works even in low light situations.
Registering one’s eyes under user security settings looks to be quick and hassle free. That is provided you don’t wear glasses.
The Samsung representative must have had a bit of practice, as powering up and authenticating was a single smooth action.
How well that’ll work in practice for the everyday user remains to be seen. The Note 7 must be held the right distance from your face and your eyes (obviously) have to open.
Should you have had a particularly hard night on the town or be wearing sunglasses, no worries. The Note 7 also has a fingerprint scanner and pin entry option.
HOW DOES IT WORK?
Iris scans are one of the more accurate forms of biometrics including fingerprint scanning – fingerprints wear out as the person gets older.
It is also quick when compared to the likes of DNA profiling (which can take some time to match to a specific person). In short, irises don’t change and are quickly scanned.
Your iris is the coloured ring of tissue that surrounds your pupil. The colour is a genetic thing helped along with a pigment called melanin. More melanin gives you brown eyes while less equals blue eyes. Irises and their colours are complex and each is unique – even identical twins have different irises.
Iris scanning is a two-part process. First, a scanner needs to identify and store a collection of unique traits in the user’s iris.
The Note 7 uses both infrared and traditional cameras for iris scanning. The infrared camera can see features of irises that aren’t visible in semi-dark conditions.
These iris images are analysed. The scanner identifies at least 240 iris features which works out at five times the features detected by most fingerprint scanners.
Unique Iris features get converted into an IrisCode (which is usually a 512 digit number)
Once your iris info is recorded, identification becomes possible.
This is when the scanner takes an image of your eyes and matches it against stored IrisCodes.
CAN THEY BE FOOLED?
The reality is that just like any security technology, iris scanners are not fool-proof. This said, fooling one isn’t easy or cheap.
Security researchers have managed to craft duplicate iris images based on IrisCodes taken from a database.
Under test conditions, these fake irises fooled scanners 80 per cent of the time.
In theory, anyone with these images has a good chance of bypassing what was previously seen as fool-proof security systems.
This isn’t new. Fingerprint scanners have long been able to be spoofed using latex fingerprint copies. One particularly ingenious hacker even used a gummy bear with a fingerprint impression.
What is new is the fact that this method can extract existing IrisCode data to create fake irises.
In effect, this means identity theft through an iris scanner is a possible (but complex) undertaking.
A fake iris could be printed onto a contact lens and then used to fool iris scanners.
ARE IRIS SCANNERS WORTH IT?
As tempting as it is to yell “gimmick”, the reality is that iris scanning makes a lot of sense. It is reliable, pretty secure, and fast.
Iris scanning is anything up to 10-times more accurate than fingerprint scanning. This is because irises tend to be more protected and aren’t subject to the same wear and tear as fingers.
Fingerprint scanners also need direct contact to work. Iris scans can happen at a distance and no physical contact is required. This makes authentication more seamless compared to fiddling about entering PINs or swiping fingers.
While iris scanning hardware used to cost a lot. Nowadays costs have plummeted to the point they’re being built into smartphones.
The Samsung Galaxy Note 7 goes on sale in New Zealand on August 19 and it will cost $1599.