Samsung touts iris scanning as a strong security feature of its new Galaxy S8 and Galaxy S8+ flagship smartphones, but it’s far from perfect. As it turns out, it’s relatively easy to hack the Galaxy S8’s iris scanner and gain access to a device that’s secured using this method. A security researcher from the Chaos Computer Club in Berlin was able to trick the scanner into unlocking a locked device.
Chaos Computer Club’s Jan Krissler was able to hack the Galaxy S8’s iris scanner by using a camera, contact lens, and a printer. He used a Sony digital camera with the night mode setting to take an image of his friend’s eye. He then printed out a life-size image of the eye and glued it on a contact lens to provide depth.
That was all he needed to do to get into the device: the iris scanner accepted the printed image as the correct iris and immediately unlocked the phone. He even had access to Samsung Pay, Samsung’s mobile payment service, which can be configured to use iris scanning for payment authorization.
The method does require whoever wants to access the device to have a clear photo of the eye, but Krissler mentions that it works even if the picture has been taken from up to 15 feet away.
Samsung has issued a statement saying that it’s aware of the issue and that “the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris.”
The company also says that if there is a potential vulnerability or a new method to challenge the security, it will respond “as quickly as possible” to resolve the issue.