Samsung’s Galaxy S8 comes with an iris scanner and a face recognition feature, but as German hacker group Chaos Computer Club has shown, this can be easily fooled. Also you don’t really need high-end tools to carry out this exercise. In the past the Chaos Computer Club has also revealed how Apple iPhone’s Touch ID isn’t foolproof.
In the latest demonstration, the CCC hacker group is arguing that biometric authentication systems are not really secure. One can use simple hacks to get around these methods, according to the group.
The hackers took pictures of a person in a night mode on a digital camera, then printed them on on a laser printer. The group had printed out a detailed picture of the Iris, which is what the sensor detects. Since the sensor is an infrared one, the hackers relied on the night mode.
According to the group, “If all structures are well visible, the iris picture is printed on a laser printer. Ironically, we got the best results with laser printers made by Samsung.”
Then they placed a contact lens on top of the printed picture, which manages to copy the curved structure of an actual eye, and this ended up tricking the iris recognition system. The phone thinks these are real eyes thanks to the contact lens, and the Galaxy S8 gets unlocked. The group has also posted a video showing how this is done.
The hackers also point out the Galaxy S8 was the “most expensive part of the iris biometry hack.”
“The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris,” said Dirk Engling CCC member and biometrics security researcher in the blogpost which explains the hack.
Engling’s advice: Stick with the regular pin protection to keep your smartphone locked and secure. It is much safer than using a fingerprint or your iris in this case.
According to the group, the issue with Iris scanner is that it can be easily tricked since photos of our iris might all over the internet. Those pictures in night-shot mode where Iris details are easily recognizable puts the security of these devices at a much higher risk.
Samsung has said it is investigating the Iris scanner hack on the Galaxy S8.