Why an eye scan could soon unlock Samsung and Apple phones

Leaked images and rumors surrounding the Galaxy Note 7 and 2018 iPhone suggest that users can unlock phones and potentially make purchases with an iris scanning camera. Here’s how it would work.

Iris scanning may be coming to a smartphone near you as early as next month. Samsung’s Galaxy Note 7 phone—to be released August 2—will very likely include iris recognition technology to unlock your phone. Apple may also roll out new iPhones with iris sensors in 2018, according to DigiTimes—delivering on user demand for biometric security checks over numeric passwords, but raising new practical and privacy concerns.

Iris scanning works by recognizing the flat, colored, ring-shaped membrane of the user’s eye. Like a fingerprint, each person’s iris is unique. While a retinal scan requires close proximity to an eyepiece, iris capture is more like taking a photograph.

“Smartphones have been improving camera quality, so it’s natural and easy to add the iris scan,” said Avivah Litan, an analyst at Gartner Research. “There is a lot of interest in iris scans and other biometrics among both consumers and employers, because the other security methods are being circumvented.”

While Samsung and Apple would certainly be large deployments, they would not be the first to venture into eye-scanning security. Fujitsu launched the Arrows NX F-04G smartphone in Japan in 2015, and Microsoft’s Lumia 950 XL followed later that year. Both phones feature built-in iris scanning user authentication.

Other companies offer similar security for mobile devices via an iris recognition software and camera hardware. And Windows 10’s Hello feature lets you log into the OS using your face, iris or fingerprint.

Neither Samsung nor Apple has confirmed the rumors about their own iris tech, but it seems highly likely that the speculation is true. Samsung applied to trademark the “Galaxy Iris” and “Galaxy Eyeprint” monikers in the US, Europe, and South Korea in May.

Apple sources reported that the company was investigating iris scanning as early as 2014, and KGI security analyst Ming-Chi Kuo predicted in March that Apple’s 2017 iPhone model might incorporate facial recognition technology (though the DigiTimes story released this week said it would be the 2018 model). The company owns a number of patents that include such technology, including a facial recognition system that relies on 3D rendering for increased accuracy.

Apple also acquired facial recognition specialist Emotient and real-time, 3D-rendering firm Faceshift. In January 2015, it was granted a patent for advanced eye-tracking technology that follows a user’s gaze and relays the information to an on-screen graphical user interface.

Most smartphones will not require additional hardware to add this feature; rather, they can likely use existing front-facing cameras and build in an algorithm for the iris scan, said Alan McCabe, biometrics researcher and CEO of the startup My Software Prototype. “It’s a bit surprising that Apple couldn’t bring it out as an update to their standard OS,” McCabe said. “Perhaps they’re waiting for that next generation camera to come out.”

According to the Samsung Galaxy Note 7 patent, the iris recognition system uses three lenses to capture the image signal, and then checks the iris of the user based on the image generated.

Rising popularity of biometric security practices

Apple brought biometric identification to the mass market with the iPhone’s home button fingerprint sensor in 2013, a feature called Touch ID. This high-profile rollout helped drive wider adoption, according to a report from Juniper Research. More than 770 million biometric authentication applications will be downloaded each year by 2019, up from just six million in 2015, the report states—which will dramatically reduce dependence on alphanumeric passwords for smartphones.

By 2019, biometrics are expected to be a $25 billion industry, with more than 500 million biometric scanners in use around the world, according to Marc Goodman, an advisor to Interpol and the FBI. Eighty percent of consumers who expressed a preference said they think biometric authentication is more secure than traditional passwords, a OnePoll/Gigya survey found.

“Biometrics are growing in popularity because we cannot trust people based on their credentials, namely their ID cards and passwords,” said Anil K. Jain, a Michigan State University professor who researchers biometrics. “Because of the lack of solid proof of identity, there is a growing need and requirement for using biometrics for homeland security, international travel, and financial transactions.”

Millions of customers at Bank of America, JPMorgan Chase, and Wells Fargo banks now use fingerprints to log into their accounts via their phone. Wells Fargo also lets some customers scan their eyes with their phone camera to log into corporate accounts.

Iris recognition in particular is gaining popularity, as it is more accurate than fingerprinting, Jain said. However, existing tech that uses iris scans for authentication typically encounters problems with people wearing contacts or glasses, with changing lighting conditions, and with positioning the camera correctly. But these issues would likely be worked out over time, Litan says.

Avoiding system breaches

Biometric systems are not foolproof: Hackers can create a biometric spoof, or an artificial object (like a fingerprint mold made of silicon) that can fool a system into granting access. Vendors can use different techniques to check for liveness, such as asking a person to blink, measuring blood flow in the eye, or using voice authentication to read the date and time. Still, it will be difficult to prove how accurate these measures are until the tech rolls out on a mass scale, Litan said.

And while these systems make it more difficult to impersonate someone, they need to have strong enrollment processes, lest a criminal register their own iris or fingerprint under someone else’s name. This was a major problem with Apple Pay—while the security systems were strong, criminals could enroll as another person.

Litan predicts a rocky rollout of iris scanning smartphones, but said she believes the technology will improve greatly in the next few years. It could have implications in the future once we see more rollouts of the Internet of Things, she added—for example, you might soon be able to open doors by looking at a camera that scans your iris.

“Iris scans are coming, and you can start relying on them for authentication,” Litan says. “Tech leaders should start evaluating what it could do for your organization—keep an eye on it, so to speak.”

Windows 10 one year on: Has it been a success for Microsoft?

Since releasing Windows 10 almost one year ago, Microsoft has pushed hard to get Windows users to upgrade, to the point where its heavy-handed tactics drew sharp criticism.

But despite that drive, Microsoft recently admitted that — while Windows 10 is now used on some 350 million devices — the firm will likely miss its target for one billion devices to be running the OS by the end of summer 2018.

Microsoft is blaming sluggish sales of Windows 10 phones for the shortfall, with the company shifting its focus away from Windows on phones until the expected launch of the Surface Phone next year.

“What’s changed is that the phone business has not has not evolved in the way that Microsoft expected it to,” said Al Gillen, GVP of enterprise infrastructure at analyst house IDC.

“They’ve arguably lost a pretty significant number, probably in the order of multiple hundreds of millions of phones that are not going to be sold running Windows 10.”

But how much of a problem is it for Microsoft to miss its self-imposed deadline? If Windows 10 is on 800 million devices instead of one billion by summer 2018 that isn’t an issue in itself, says Gillen. What’s more of a problem, he said, is that Windows 10’s lacklustre performance on mobile means adoption of the OS will primarily be driven by the PC market, which has been in decline for years.

“They have a contracting market opportunity, rather than an exploding market opportunity,” he said.

This lack of mobile take-up weakens the appeal of a key Windows 10 feature that Microsoft used to sell the OS to developers and users, the Universal Windows Platform (UWP) app. While Microsoft says it is relatively easy for developers to turn a desktop UWP app into a mobile one, the motivation to do so is lessened if relatively few people use Windows 10 phones.

Developers are likely to prioritise Android and iOS devices and, while still developing for Windows PCs, the Windows platform will probably be “not nearly as important as these mobile devices are”, said Gillen.

Windows 10 is playing catch-up with the mobile platforms when it comes to user numbers, said Richard Edwards, principal research analyst with Ovum.

“Now this is a problem for Windows and for the Windows applications but it isn’t necessarily a problem for the larger Microsoft,” said Gillen, citing Microsoft’s willingness to integrate Microsoft services such as Azure Active Directory and applications such as Office with Android and iOS — rather than locking everything to Windows.

Microsoft does seem to have demoted the importance of Windows to its business, said Steve Kleynhans, VP for the mobile and client computing group at Gartner, as the company pursues its “cloud first” strategy.

“In the end Windows is just one of their products that support their overall cloud initiative and if they can’t win the mobile space with Windows they’ll go after it with something else,” he said.

“This is not the old Microsoft where everything was focused on ‘Windows has to be a success’. Windows used to be the lead player at Microsoft, Windows is now just one of the supporting characters.”

What’s next for Windows 10 and can you keep running Windows 7?

Microsoft has said that Windows 10 will cease to be available as a free upgrade to Windows 7 and Windows 8 users on July 29th.

After this point, consumer take-up of Windows 10 will slow down and businesses will begin to deploy the OS in earnest, according to Forrester principal analyst JP Gownder.

“2017 will be a big year for enterprise upgrades. Many organizations are already piloting Windows 10 devices, but in 2017 they will be driven by security concerns,” said Gownder, citing the OS’ support for security features such as application containerization, faster updates and anti-malware instructions built into Intel’s recent Skylake processors.

IDC’s Gillen agreed that firms would likely begin the process of rolling out Windows 10 within the next eight months, although he said the process could take businesses up to four years to complete.

From mid-2018, firms will have an extra incentive to deploy new PCs with Windows 10, rather than downgrading them to an earlier OS, as from this point Microsoft will no longer deliver updates to Skylake PCs running Windows 7 or 8.1, aside from critical patches.

Generally businesses are talking about “wanting to get through this migration quicker then they’ve done it in the past”, according to Gartner’s Kleynhans.

This greater urgency to switch every machine to Windows 10 stems from a desire to take full advantage of the new security and management features in the OS, he said.

“For enterprise, if you like the security, and that’s the reason you’re going [to Windows 10], you have to get that security across all your machines as quickly as you can,” he said, stressing that businesses were keen to use Enterprise edition security features such as Credential Guard, which offers additional protection for login details, and Device Guard, which allows devices to be restricted to only running trusted software.

For home users who don’t want to upgrade to Windows 10, however, IDC’s Gillen sees no reason why they shouldn’t continue using Windows 7 until Microsoft stops patching it against security flaws.

“There’s no downside really of using Windows 7 through 2020 until you get to the point where you’re out of extended support,” he said.