With the advancement in technology, state of the art biometric devices like iris scanners have made their way to consumer products. Devices like Samsung Galaxy S8, S8+, S9, S9+, Note8 and 9 are a few with inbuilt iris scanners. Samsung devices allow a user to make payments through Samsung Pay using iris recognition. Making us wonder are they secure enough for making payments.
In this article, we will go through the working or iris scanners, what makes them different and are they secure enough?
The science behind Iris recognition
Like any other biometric recognition technology, iris recognition uses an identifier that is unique for each person. In this case, it is the pattern inside the iris of your eyes. This pattern is unique for each individual, including identical twins, and undergoes very minute changes throughout a person’s life. Although iris recognition works well with most people, it is less accurate in children of ages 1-4 due to the changes which occur in the iris patterns during this age
The patterns inside the iris are very intricate, and to get the pattern correct, a high contrast image of the eye is required and to achieve that, infrared is used. This light reaches the iris and then bounces back. After this, an IR camera captures this information and processes it to extract the features of the iris. It follows a total of four steps to extract this information, which are as follows.
- Pupil detection: Detection of the pupil takes place during this step. As the pupil has no role to play in the iris detection process, it is removed from the image.
- Iris detection: The sclera (white part in the eye) is removed from the image, which leaves us with the image of the iris.
- Normalisation: Our pupils dilate to let in different amounts of light into our eyes. Due to this, the size of the iris changes and normalisation is used to fix this problem. It transforms the data from cartesian coordinates to polar coordinates.
- Feature extraction and storage: A total of 240 different features are extracted from the normalised image. These features have different values for each person and are stored in a database and can be used to identify a person.
Advantages of Iris recognition
- Accuracy: When it comes to accuracy iris recognition is one of the best out there. Most fingerprint biometric systems use a total of 16 features to identify an individual. Due to this, the number of false-positive can be 1 in 50,000. Iris recognition uses a higher number of elements (240) to identify a person. This decreases the number of false-positives to 1 in 1,000,000
- Highly secure: Forging the iris pattern of a person is much more difficult compared to fingerprints.
- Contact-free: Iris scanners can work at a distance and do not require contact with a sensor.
- High speed: Due to the small size of the iris fast matching can be performed making iris scanning extremely fast.
Disadvantages of Iris recognition
- Higher initial costs: The cost of this technology is more compared to other biometric recognition systems like fingerprint sensors
- Mass tracking and bulk collection: Governments can use this technology for mass surveillance and tracking.
- Can be hacked: Some commercial iris scanners can be bypassed by using high-resolution images of a user’s iris.
There is no doubt in the fact that iris recognition is a great piece of technology, but it can be used for mass surveillance and tracking which can never be a great thing and can only lead to dystopia.
When it comes to making payments using the same, we would suggest use highly secure PINs rather than biometric technologies as they can be hacked one way or another and the thing with your biometric is that it can’t be changed unlike passwords or pins — unless you go under the knife.
Samsungs’ take on Iris recognition security
Now that we have a basic idea of how iris scanners work let us take a look at Samsungs iris scanning technology and is it secure enough?
When it comes to security Samsung uses Knox security to keep your iris data secure using encryption and data isolation. It uses iris scanners made by Princeton identity, which are claimed to be 100,000 times better than other forms of biometric security such as fingerprint scanning. These sensors use 200 features to uniquely identify each iris, which make them hard to falsify.
But are these sensors really unhackable? Unfortunately, no.
A group of hackers were able to bypass the iris recognition on the Samsung Galaxy S8 using a high-resolution image of the victims’ eye and a lens.
Why did Samsung omit Iris Scanners in new devices?
Samsungs’ flagship devices released after Note 9 stopped using iris recognition. There are no concrete statements by Samsung for why it let go of the iris sensor, but there are a couple of reasons which could have made them take the decision.
Samsung started using ultrasonic fingerprint sensors in its newer flagships like the S20 and the S10 which use Qualcomm sense id, making it a secure payment mechanism.
Samsung has also always wanted to get rid of the notch. It placed the camera inside the display to increase the screen to body ratio. Using an iris recognition module would mean having a notch design and decreasing the screen to body ratio. Samsungs’ newer flagship also offer software facial recognition which is faster but less secure compared to iris scanning technology and provides another way to unlock your device.