Hackers from the Chaos Computer Club have demonstrated just how easy it is to trick the Galaxy S8’s iris scanner. In a perfectly controlled environment, that is.
Samsung Galaxy S8 and Galaxy S8 Plus review: Almost to Infinity
April 18, 2017
Iris recognition is yet another form of biometric identification that looks at the patterns inside your irises. In theory, iris scanners are much more secure than fingerprint scanners since irises have complex and completely unique patterns whereas the uniqueness of fingerprints has been questioned in recent years. That’s why the iris scanner on Samsung’s Galaxy S8 and Galaxy S8 Plus is such a big deal, and that’s why the company even felt confident enough to let people use the technology to make payments.
As you can see, security researchers and hackers from the Chaos Computer Club were able to trick the Galaxy S8’s iris scanner with a digital camera, a printer, and contact lenses. As they explain, a good digital camera with 200mm-lens at a distance of up to five meters is sufficient to capture the user’s irises in enough detail:
The easiest way for a thief to capture iris pictures is with a digital camera in night-shot mode or the infrared filter removed… Depending on the picture quality, brightness and contrast might need to be adjusted. If all structures are well visible, the iris picture is printed on a laser printer… To emulate the curvature of a real eye’s surface, a normal contact lens is placed on top of the print.
Of course, this means that in theory, someone could steal your Galaxy S8 and trick the iris scanner in order to make online payments using apps like Samsung Pay. The CCC consequently recommends that you use the traditional PIN protection.
So the bottom line is that in theory, any security protection is susceptible to malicious hacking.
However, it’s important to note that the CCC’s test was done in a perfectly controlled environment, meaning the likelihood of someone being able to capture your irises with a camera and stealing your Galaxy S8 device is quite low. On top of that, there have been other tests in which hackers were able to successfully steal users’ PIN or bypass fingerprint scanners, so the bottom line is that in theory, any security protection is susceptible to malicious hacking. We just need to be careful when using password or biometric protection and avoid storing sensitive information on our phones.
Have you been using the iris scanner on your Galaxy S8? How do you like it so far? Let us know in the comments below!