Samsung Galaxy S8’s iris-recognition feature was something that has had fans expect this model with great excitement. However, not a month has passed since it got released, when German hackers managed to defeat this security measure.
The Chaos Computer Club, which is a hacker collective that was formed in 1981 in Berlin has released a video in which they demonstrate a way to trick this security feature. In the video, the hackers are fooling this feature by using a dummy eye. This eye was created by a printing the picture of the owner’s eye, and it only had a contact lens that can match the curve of the eye itself. Apparently, this was enough to trick the phone into thinking that the owner’s the one that’s trying to unlock the phone.
The picture of the eye was downloaded from the social media. The group has stated that the best quality of the fake irises might be obtained by taking a digital photo in the night mode.
Dirk Engling, the spokesperson for the group, has stated that the security risk for this method is far greater than that for a fingerprint scanner. This is due to the fact that we’re exposing our irises quite a lot. He also said that using the pin to protect your phone is a far better option.
The newest version of Samsung Galaxy also has a facial recognition feature, but that one was defeated even before the phone could be bought. An ordinary picture of the phone’s owner is enough to trick this feature. And the same iris scanner was also found on Note 7.
This group was also responsible for fooling iPhone 5s’ TouchID fingerprint sensors, and only a few weeks after it was released. At first, the hackers needed to use wood glue and a laser etching machine to produce a fake print from something that the owner of the phone has touched. A year later, however, a different hacker managed to actually pull fingerprints from high-resolution photos.
The current hack is even simpler than that. All you need is to download a photo from Facebook, print it with a conventional laser printer, and put a contact lens over it. Hackers said that the most expensive part of this hack was buying a Galaxy S8 and that the biggest irony is that the Samsung’s printers are giving the best results.
When it comes to Samsung, they claim that every iris is unique and that this method is one of the most secure ones, because it’s impossible to replicate. It’s expected that the debate concerning the use of biometric features as security passes is going to continue, more heated than ever, due to this revelation.
The biggest issue with biometrics is that they can’t be replaced if they’re compromised. That’s something that’s a really big problem, despite the fact that they’re more convenient and harder to steal than regular passwords.