Samsung Galaxy S8’s iris scanner fooled by hackers using photo and contact lens

HIGHLIGHTS

Samsung has claimed Galaxy S8's iris scanner is more secure than the face unlock system

Samsung's latest flagship, the Galaxy S8, comes with multiple unlocking options: iris scanning, face unlock and a fingerprint sensor. The face unlock was recently proven to be insecure, and Samsung has claimed that the iris scanning feature offers better security. Now Jan Krissler, a hacker for the Chaos Computer Club (CCC) who goes by the name Starbug, has demonstrated how to beat the Galaxy S8's iris scanner with a simple photograph.

In the video, Starbug takes an infrared picture of a person using the night mode setting on a point-and-shoot camera. He then prints the picture on a standard laser printer and fools the iris scanner by placing a contact lens on top of the image. The contact lens tricks the iris sensor into believing it is looking at an actual human eye.

While the hack seems low-tech, it involves considerable effort in comparison with the S8's facial recognition hack. In the past, Starbug successfully recreated the fingerprint of Germany's defence minister, Ursula von der Leyen, by using pictures of her fingers. He also bypassed Apple's TouchID just days after its launch.

"If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication," says Dirk Engling, spokesperson for the CCC.

Biometric recognition systems such as iris scanning have recently been widely adopted by smartphone and laptop manufacturers. The feature is also rumoured to be making its way to Apple's next-generation iPhone. While Samsung is yet to comment on how secure its iris scanning feature is, this new hack is a reminder that even the most secure biometric recognition system can be broken with simple and innovative techniques.

Karthekayan Iyer
Digit.in