Using today’s common high resolution smart phones, it’s possible to remotely enable a camera, and pull someone’s PIN in the reflection of their screen off the user’s eye!
This is one of the reasons we shouldn’t install apps, like the ‘flashlight’ app, that asks for permission to enable the camera.
Jan Krissler, a member of the Chaos Computer Club demonstrates how to bypass many biometric authentication systems. He demonstrates the following proof of concepts:
- Remote hijacking your camera and pulling the video of you entering your PIN to unlock your phone, through the reflection of your eye!
- Using promotional high resolution photos of people to bypass eye scanners
- Using photos to bypass facial recognition
- Pulling fingerprints off pictures of hands.
- Bypassing the iPhone touchID
- and more!
This is a German video dubbed in English.
I think the lesson to be learned is, be weary of the permissions your applications are trying to get you to allow on install. If an application requires camera access and it is not a messaging application, then don’t allow it.
Another lesson: I don’t think the world will be secure if we rely solely on biometrics. It’s a nice enhancer for two-factor, but can NOT replace “something you know”, like the password.
Remember to share this article to warn your family and friends!