Considering how even the capital of the strongest country on the planet isn’t safe from the shenanigans of hackers, the security of our humble smartphones seem like a lost case! While Samsung claims that their iris scan technology on S8 is “fool proof,” a security researcher at the Chaos Computer Club, Berlin has shown otherwise!
Jan “Starbug” Krissler has proved that the new iris scanner is very easy to trick as he pulled off the hack using a camera, a contact lens, and a printer. Using a Sony digital camera’s night mode, he captured his friend’s eye. Night mode allows one to capture the iris pattern of darker eyes with ease since it removes the infrared filter. Then he printed the life-size image of the snap using a Samsung printer and glued a contact lens to the picture to provide depth. And just like that the Galaxy S8 iris scanner was tricked as it couldn’t differentiate between the art project and the phone owner’s actual eye and gave full access to the phone, including Samsung Pay.
The whole process is illustrated in the video below:
Not so fool proof now is it? But it is to be noted that a hacker would have to go through a series of super risky operations to hack through this loophole. First of all, he will have to take a snap of your iris very closely and then test out different types of printers to get the best result. Given there are a dozen more convenient ways to hack a phone, such as tricking the fingerprint scanner and swindling the facial recognition software, no hacker would be tapping into the iris bust anytime soon.
But it still calls bullshit on Samsung’s claims that iris
“are virtually impossible to replicate” and that “iris authentication is one of the safest ways to keep your phone locked and the contents private?”
Samsung did take note of the hack very soon, and has released the following statement:
We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue.