Selfies Could Fool the Galaxy S8's Iris Scanner

A hack demonstrates that the iris scanner in Samsung's new flagship smartphone could unlock the device when presented with a photograph of the owner's eye.
Selfies Could Fool the Galaxy S8's Iris Scanner
Image credit: via PC Mag
  • ---Shares

Samsung describes the Galaxy S8's iris scanner, which lets you unlock the phone just by looking at it, as "one of the safest ways to keep your phone locked and the contents private." After all, "the patterns in your irises are unique to you and are virtually impossible to replicate," Samsung explains on its website.

But the company may now want to rethink the veracity of its marketing tactics, following a revelation this week that the Galaxy S8 iris-recognition system was hacked with a simple technique.

 

Members of the Chaos Computer Club (CCC), based in Germany, were able to unlock an S8 using a photo containing its registered iris. Theoretically, that means anyone who posts selfies online and has an S8 with iris recognition enabled is giving hackers a potential backdoor to unlock their phone.

In practice, it's not that simple. To pull off their hack, the CCC explained in a blog post that they used a clear picture of the phone owner's face, which was then printed using a laser printer. They then held a contact lens on top of the eye in the photograph, in order to give it the convex three dimensional shape required for the iris scanner to recognize it.

In addition to using high-resolution selfies, a hacker could also surreptitiously snap a photo of their intended victim, CCC notes.

Despite the simplicity of the hack, it doesn't reveal any fundamental flaws about Samsung's iris scanner itself. It's also worth noting that a similar technique could potentially be used to fool the S8's face recognition unlocking system, or any other phone with similar unlocking options.

Samsung did not immediately respond to a request for comment. But it does warn that face recognition (which uses the front-facing camera) is a less secure method of unlocking your phone, explaining in a footnote on its website that "face recognition is less secure than pattern, PIN or password."


More from PCMag

Next Article:
Meet the Hover Camera Passport, Your Per...
OK

This website uses cookies to allow us to see how our website and related online services are being used. By continuing to use this website, you consent to our cookie collection. More information about how we collect cookies is found here.