Samsung Galaxy S8 iris scanner hacked using contact lens
There are also serious issues with the handset's fingerprint sensor
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.The Samsung Galaxy S8’s iris scanner has been tricked by a group of hackers.
The South Korean company has made a big deal about the handset’s iris scanner, which is supposed to be a highly secure and convenient way to unlock the S8 and authenticate payments.
However, Chaos Computer Club, a German hacking collective that has also conquered the iPhone’s TouchID fingerprint sensor, has fooled the system with a dummy eye.
The group managed to unlock an S8 using a picture of the owner’s eye with a contact lens placed on top of it, to mimic the curvature of a physical eyeball.
“If you value the data on your phone – and possibly want to even use it for payment – using the traditional pin-protection is a safer approach than using body features for authentication,” said Dirk Engling, Chaos Computer Club’s spokesperson.
“The security risk to the user from iris recognition is even bigger than with fingerprints, as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris.”
According to the hackers, you can dupe the iris scanner with a picture taken from social media sites, but digital photographs taken in night mode work best.
They also took the opportunity to have some more fun at Samsung's expense, claiming: “Ironically, we got the best results with laser printers made by Samsung.”
While the Galaxy S8 is a highly impressive device, the poor placement and design of its fingerprint sensor damages the user experience significantly.
It’s small, shallow, difficult to reach and positioned right next to the camera lens. Unfortunately, the high-tech alternatives aren’t perfect either.
The iris scanner fails on a regular basis, as it struggles to work in bright light and when you’re moving. The phone’s facial recognition system, meanwhile, was tricked by a photograph almost immediately after launch.
That leaves the PIN as the most reliable way of unlocking the phone. Unfortunately, according to a recent study, PIN codes can be exposed simply by watching how a phone moves when it is being held.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments