Samsung Electronics on Thursday said that the recently revealed hack of the Galaxy S8’s iris scanner is “unrealistic,” implying that the method of fooling the biometric protection integrated into its latest pair of Android flagships is too complicated to pose a serious vulnerability to its customers. In a statement provided to a South Korean media outlet, a representative of the Seoul-based consumer electronics manufacturer said that the hacking method demonstrated by the Chaos Computer Club (CCC) is “hard” to deploy in a real-world scenario. Apart from requiring an infrared camera, hackers would have to record a high-quality image of a person’s iris in order to break into their smartphone, the company official said, without reflecting on CCC’s recent comments that a photograph taken from the Internet could also theoretically be employed with the same method.
The originally demonstrated technique worked with an infrared image of a person’s iris taken from a medium distance, indicating that hypothetical attackers could capture the necessary photograph without alarming the victim. Once a photo has been obtained, the method is relatively straightforward and only requires hackers to print the photo and put a contact lens on it in order to trick the iris scanner of the Galaxy S8 and Galaxy S8 Plus. Samsung initially stated that its biometric authentication solutions have all been rigorously tested during development, reassuring customers who might be worried about being compromised. While the hacking method demonstrated by the CCC may not pose a serious vulnerability, many cyber security experts agree that contemporary iris scanners aren’t as secure as strong passwords and are still urging consumers to secure their sensitive data with something other than an iris pattern.
It remains to be seen whether the South Korean original equipment manufacturer (OEM) will attempt to patch the newly uncovered vulnerability of its authentication system, though the company’s latest comments on the matter don’t indicate that resolving the issue is a priority. The recently demonstrated method of fooling the Galaxy S8-series iris scanners is the first such vulnerability discovered in Samsung’s new devices, and the handsets themselves are seemingly highly secure otherwise.