It’s embarrassing how easy it is to hack Samsung’s self-proclaimed “safest way” to lock a phone, German hackers show
The attack is extremely basic and doesn’t even require any type of hacking skills. All you need is a digital camera, a laser printer, and a contact lens.
Called the Chaos Computer Club, the German hackers figured that if you take a picture of the phone owner’s face, print it on paper, superimpose the contact lens and hold the image in front of the Galaxy S8, you can bypass the security measures. The photo you take doesn’t even have to be a close up, although the hackers to admit that using night-shot mode or removing the infrared filter does help.
“The Samsung Galaxy S8 is the first flagship smartphone with iris recognition. The manufacturer of the biometric solution is the company Princeton Identity Inc. The system promises secure individual user authentication by using the unique pattern of the human iris, ” reads the group’s post. “A new test conducted by CCC hackers shows that this promise cannot be kept: With a simple to make dummy-eye the phone can be fooled into believing that it sees the eye of the legitimate owner.”
Dirk Engling, spokesperson for the CCC advises users that care about the data on their phones to keep using the traditional PIN-protection since it is safer than any alternative using body features.
More worrying than having the ability to get into someone’s phone is the fact that Samsung also announced the integration of the iris authentication feature for its payment system “Samsung Pay” which means that a successful attacker could also get access to the phone owner’s mobile wallet with just a few easy tricks.
That being said, Samsung’s cool new feature is just that – “cool.” As proven by CCC, it brings no real protection against someone who really wants to get into your phone.
