Samsung’s next flagship tablet, the Galaxy Tab S4 is scheduled for release later this year. Renders of the tablet have begun to leak, as have firmware details – and the latter reveals that it will ship with both an Iris scanner and facial recognition; a sign of the extent to which biometric security is going to become the consumer norm.
The technology, dubbed “Intelligent Scan” by Samsung, first shipped on its Galaxy S9 and S9+. It combines both biometric scans when unlocking the tablet; if one fails, it uses the other as backup. The company describes it as “a deep learning-based verification solution”, as it analyses surrounding lighting conditions to decide which of the two biometric methods might be best for unlocking your phone.
The firmware and renders suggest the Galaxy Tab S4 doesn’t ship with a fingerprint scanner.
Critics Warn Over Biometric Security
Critics note that the S9’s facial recognition can be fooled with a photograph, with hacking group Computer Chaos Club (CCC) member Jan Krissler, a security researcher known as “Starbug”, demonstrating the crack last year.
In a May 2017 blog, CCC spokesman Dick Engling added: “The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris“, Dirk Engling remarked.
He added: “The easiest way for a thief to capture iris pictures is with a digital camera in night-shot mode or the infrared filter removed. In the infrared light spectrum – usually filtered in cameras – the fine, normally hard to distinguish details of the iris of dark eyes are well recognisable.”
Samsung notes that the option is a consumer choice one – and only used to unlock the phone, rather than access payment apps, etc. For convenience, users may welcome it. Others continue warn that once biometric data has been compromised, there is no way to undo the damage; passwords can be changed, irises can’t.
In a blog earlier this year, Joel Snyder, a well-known security expert, emphasised the importance of assessing vendors when implementing biometrics on Android smartphones: “When enabling biometrics such as iris scanning, look for a clear statement from the hardware vendor on how the data are stored and verified. Data should be stored in an encrypted or hashed format eliminating the possibility of decryption, even by privileged applications.”
He added: “Android devices should make use of specialized hardware and TEE [Trusted Execution Environment] with live biometric data, to ensure that malware can’t tamper with the data or interfere with the process, creating safer options for enterprises interested in the technology.”