Selfies Could Fool the Galaxy S8's Iris Scanner

A hack demonstrates that the iris scanner in Samsung's new flagship smartphone could unlock the device when presented with a photograph of the owner's eye.

By Tom Brant

This story originally appeared on PCMag

Samsung describes the Galaxy S8's iris scanner, which lets you unlock the phone just by looking at it, as "one of the safest ways to keep your phone locked and the contents private." After all, "the patterns in your irises are unique to you and are virtually impossible to replicate," Samsung explains on its website.

But the company may now want to rethink those marketing claims, following a revelation this week that the Galaxy S8 iris-recognition system was hacked with a simple technique.

Members of the Chaos Computer Club (CCC), based in Germany, were able to unlock an S8 using a photo containing its registered iris. Theoretically, that means anyone who posts selfies online and has an S8 with iris recognition enabled is giving hackers a potential backdoor to unlock their phone.

In practice, it's not that simple. The CCC explained in a blog post that, to pull off their hack, they used a clear picture of the phone owner's face, which was then printed using a laser printer. They then held a contact lens on top of the eye in the photograph, in order to give it the convex three-dimensional shape required for the iris scanner to recognize it.

In addition to using high-resolution selfies, a hacker could also surreptitiously snap a photo of their intended victim, CCC notes.

Despite the simplicity of the hack, it doesn't reveal any fundamental flaws in Samsung's iris scanner itself. It's also worth noting that a similar technique could potentially be used to fool the S8's face recognition unlocking system, or any other phone with similar unlocking options.

Samsung did not immediately respond to a request for comment. But it does warn that face recognition (which uses the front-facing camera) is a less secure method of unlocking your phone, explaining in a footnote on its website that "face recognition is less secure than pattern, PIN or password."

Tom Brant

News reporter

Tom is PCMag's San Francisco-based news reporter. 
