It appears Samsung’s Galaxy S8 iris scanner is not as ‘airtight’ as initially perceived. Hackers have revealed it can be bypassed with a printed picture of the owner’s eye and a contact lens.
Samsung has said the its Galaxy S8’s iris scanning provides users with ‘airtight security’ , but researchers have demonstrated that it can be easily bypassed using a photograph and a contact lens.
A new video has revealed that hackers can place a contact lens over a printed photo of the smartphone owner’s eye to unlock the handset.
Although Samsung has noted that ‘the patterns in your irises are unique to you and are virtually impossible to replicate’ the makeshift eye is able to fool the technology — leaving many to wonder just how secure the technology really is.
Scroll down for videos
The discovery was made by researchers, or as they call themselves, ‘hackers’ , at the Chaos Computer Club (via Motherboard) .
DailyMail.com has contacted Samsung and has yet to receive a response.
‘The Samsung Galaxy S8 is the first flagship smartphone with iris recognition,’ the team shared in a blog post.
‘The manufacturer of the biometric solution is the company Princeton Identity Inc. The system promises secure individual user authentication by using the unique pattern of the human iris.’
‘A new test conducted by CCC hackers shows that this promise cannot be kept: With a simple to make dummy-eye the phone can be fooled into believing that it sees the eye of the legitimate owner.’
The hack was carried out in a matter of minutes, starting with capturing a picture of the user’s eye.
Using ‘a good digital with 200mm-lens’ at about 16 feet (5m) from the phone owner, the team snapped the picture and then printed it out with a laser print that so was also manufactured by Samsung.
But to make it look more realistic, the hackers thought of adding a contact lens on top of the print out – this ‘emulated the curvature of a real eye’s surface’ .
And when he held up the photo in front of the iris scanner, the Samsung Galaxy S8 smartphone instantly unlocked.
‘The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris“, said Chaos Computer Clubs spokesperson, Dirk Engling.
Samsung had announced its iris scanner with pride, sharing that users only need to align their eyes with the circles to unlock their phone ‘with a look’ .
But it seems it doesn’ t matter if the look is from a real person or a photo of them.
On top of the iris scanning is facial recognition technology, which is said to have lightening quick capabilities and the facial tracking features are able to instantly recognize the users face – the process seems to be much faster than fingerprint recognition.
But when the Samsung Galaxy S8 made its debut at the Unpacked event, an early viewer found a disheartening flaw with the technology.
Blogger Marcianophone setup a S8 handset with his face at the Unpacked event, which unveiled the new Android, and in seconds, revealed how simple it was to trick the facial recognition technology with just a selfie.
This also means that it would be possible to use the face of a user who is sleeping.
Forbes has noted that because the smartphone was at the unveiling it may not be running on the final software meant to hit the market.
Regardless, this mishap is making some users weary about how secure the phone is, which is the last thing Samsung might want hear– the Galaxy S8 was meant to help the firm’s reputation, not tarnish even more.
The South Korean firm has acknowledged the flaw and explained that the facial recognition technology was not meant to be a security feature.
However, it did say that it serves as another way to get to the Home screen- as opposed to Slide to Lock.
‘Facial recognition is a convenient action to open your phone – similar to the ‘swipe to unlock’ action, ‘ said a Samsung spokesperson in a statement sent to Business Insider .
‘We offer the highest level of biometric authentication – fingerprint and iris – to lock your phone and authenticate access to Samsung Pay or Secure Folder.’
Samsung had also noted that users who plan on using the facial recognition technology should considering using fingerprints or iris scanners instead, as these two are not as easily tricked — but the hack from Chaos Computer Clubs suggests otherwise.
