Hackers easily tricked Samsung Galaxy S8 iris recognition with a photo and contact lens

Samsung launched its latest and greatest Galaxy S8 with IRIS scanner and facial recognition. The company said its facial recognition feature is just for fun and not meant to be used for security purposes. For security, users must either use IRIS scanner or the fingerprint/passcode, the company recommended. Now some hackers from German have successfully managed to bypass the IRIS recognition authentication system of the Galaxy S8 as well.

The hackers with the Chaos Computer Club claim that they used equipment that costs less than the price of the smartphone to break inside an IRIS protected Galaxy S8. They used a digital camera, a Samsung laser printer, and a contact lens to achieve the target.

The Galaxy S8 iris authentication hacking process involved taking a picture of the device owner, printing it out on a paper, placing the contact lens right on top of the iris in the printed photo, and bringing the photo in front of the iris protected Galaxy S8. The photo taken for the hack does need to be a close-up shot, although the night-shot mode or removing the infrared filter helps in achieving the goal, according to the hackers.

Hackers have posted the following video to demonstrate the process.

Both the Samsung and Princeton Identity – the company behind the authentication technology, claimed that iris recognition provides “airtight security” giving their users the confidence that their devices are protected. Princeton Identity has also said the Samsung partnership “brings us one step closer to making iris recognition the standard for user authentication.” Despite all their claims, their so-called “airtight security” could not withstand a printed photo in combination with a contact lens.

Samsung is one of the first companies to launch their flagship smartphone with an iris scanner. The iris scanner has so far been considered a convenient alternative to the passcode or fingerprint scanner, but the hacker suspects that all the upcoming phones with iris authentication may be equally easy to hack. Even the Apple is widely rumored to feature iris scanner along with facial recognition in its 10th anniversary iPhone 8 model, however, company’s supplier still remains unknown.

Apple’s recent acquisition of companies such as Faceshift and PrimeSense added weight to the rumor that the company is indeed working on an in-house authentication solution for the OLED iPhone. Apple has also trademarked “Iris Engine.” One report claimed that Apple is working with a Taiwan-based supplier Xintec, an affiliate of TSMC, for the mass production of iris recognition chips for the fruit company.

Be the first to comment

Leave a Reply

Your email address will not be published.


*