Samsung’s premium flagship Galaxy S8 and S8+ come with an iris recognition feature that was originally introduced with the ill-fated Galaxy Note 7. Samsung claims this feature is ‘100 times’ more secure than fingerprints; however, a hacker group has found a way to bypass the iris scanner built into the Galaxy S8 and Galaxy S8+.
The German hacker group Chaos Computer Club (CCC) has bypassed the iris recognition feature on the new Galaxy S8. All that was required to trick the iris recognition was a digital camera, a contact lens and a laser printer. The hackers took a picture of the subject’s face in night mode on a Sony digital camera and printed it on a laser printer. Since the iris scanner uses infrared light, the group printed a ‘real-life size’ infrared picture of an iris and overlaid it with a contact lens. When the image was held in front of the locked Galaxy S8, the device instantly recognised the artificial eye. The group has also posted a video demonstrating the bypass.
Interestingly, the hackers bypassed the iris-based authentication using pictures printed on Samsung laser printers, which according to them delivered the best results.
“If all structures are well visible, the iris picture is printed on a laser printer. Ironically, we got the best results with laser printers made by Samsung,” the group said. Jan “Starbug” Krissler, a security researcher and CCC member, has previously demonstrated how easily biometric authentication methods can be tricked with his hacks on fingerprint authentication systems. Back in 2013, Starbug managed to bypass Apple’s Touch ID fingerprint scanner within 48 hours of its release.
Dirk Engling, spokesperson for the CCC, said in a blog post, “The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris.” Engling also suggested, “If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication.” This hack, which looks simple, could possibly be pulled off with just a photo picked from social media. The hackers pointed out, “By far the most expensive part of this biometric hack was the purchase of the Galaxy S8 smartphone.”
Samsung, responding to the matter, said that it is investigating the iris-recognition system hack on the Galaxy S8. In a statement (via Agence France-Presse), the company said, “The iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security […] If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue.”