You unlock this smartphone with your eyes

Some of the new phones launching at Mobile World Congress are sporting fingerprint scanners, but a new device from ZTE uses a very different biometric security measure to lock its screen. Using technology from Kansas City-based EyeVerify, the ZTE Grand S3 uses its front facing camera to check you are who you say you are, based on your baby blues.

EyeVerify’s technology uses an ordinary front-facing camera — its only requirement is that it takes photos at least one megapixel large. Instead of looking at your retinas, EyeVerify authenticates users by looking at vein patterns formed by blood vessels in the whites of the eye. ZTE calls its implementation Eyeprint ID, and it will come to other devices in its high end “Grand” line of smartphones. Android Central was able to try the ZTE Grand S3, and its eye-based unlocking software even works if you wear glasses:

One major question is what EyeVerify does better than fingerprint scanners, which have become the de facto biometric security measure for smartphones.

EyeVerify CEO Toby Rush wrote a blog post earlier this month comparing the two approaches. One of EyeVerify’s largest advantages is that it doesn’t require new hardware. Fingerprint scanners are expensive, and according to Rush, users have to look at their phone ever time it is unlocked, making eye-based verification preferable. However, he admits, in the burgeoning payments market, a fingerprint scanner makes more sense. Imagine standing at a retailer and staring at your phone to confirm your identity.


The fact that EyeVerify doesn’t require specific hardware means it could also work well for security on cross-platform apps. Banks and credit unions are looking into EyeVerify as a way to lock down their mobile apps.

Other specs on the ZTE Grand S3 include an 8 megapixel front camera, a 16 megapixel rear camera, and a 5.5-inch 1080p display. The phone is powered by a Qualcomm Snapdragon 801 processor. It’s running Android 4.4.

The ZTE Grand S3 is already in sale in China for a very pricey 2999 RMB ($477) and the company hasn’t mentioned whether it’s bringing the device to markets outside of China. Although ZTE isn’t a household name in the United States, it currently has about six percent of the United States smartphone market, mostly in the low-end. Recently, it’s been trying to raise its profile by sponsoring NBA teams like the Golden State Warriors and New York Knicks.


Fingerprints can be reproduced from publicly available photos

At a conference in Hamberg Germany this weekend, biometrics researcher Jan Krisller demonstrated how he spoofed a politician’s fingerprint using photos taken by a “standard photo camera.”

Krissler speculated that politicians might even want to “wear gloves when talking in public.”

The Chaos Computer Club, which put on the conference, and Krissler, who goes by Starbug, have demonstrated their ability to breach fingerprint sensors in the past. Shortly after the first Touch ID-equipped iPhone came out, the Chaos Computer Club was the first group to demonstrate that it is possible to beat Touch ID by creating a fake latex finger from a fingerprint left on glass or a smartphone screen.

Krissler claims he isolated German Defense Minister Ursula von der Leyen’s fingerprint from high-resolution photos taken during a public appearance in October using commercially available software called VeriFinger.

Although there are some advantages to a biometric access over traditional passwords — you can’t lose your fingerprint, and it can’t be phished — as the technology goes mainstream, it’s raising its own security issues. In addition to the spoofing problem, there’s a debate in the United States whether a law enforcement officer can compel you to unlock your device with your finger.

Most iOS devices now come with Touch ID, [company]Apple[/company]’s fingerprint security hardware. A recent Apple patent shows a way to beef up fingerprint reader security by adding a swipe motion.

Fingerprint readers aren’t standard on Android phones, but several devices already have them installed, and source code indicates that [company]Google[/company] has been working to add system-wide fingerprint scanning support.

Apple scoops up secure fingerprint sensor maker AuthenTec for $356M

Apple has purchased a mobile security firm that counts many of its mobile competitors as partners. Why? Apple may be eyeing fingerprint-based authentication for iPhones, or perhaps it wants AuthenTec’s NFC-payment security technology for a future iPhone with mobile payment capabilities.