Samsung brought back the iris scanner with the launch of its flagship smartphones Galaxy S8 and S8+. Claiming it to be ‘one of the safest ways to keep your phone locked’, Samsung has been using this feature to not only unlock Galaxy S8 but also for the mobile payment service Samsung Pay. But what if we say that it is easy to fool the iris scanner on Galaxy S8 and that it is not 100 percent secured. Scary, right! Well, that’s what a group of German hackers have stated and even practically succeeded in doing.
Reacting to the incident, Samsung has issued a statement saying that it is not easy to fool the Galaxy S8’s iris recognition and that the hack is an unrealistic concept.
A Samsung spokesperson was quoted by the The Korea Herald as saying:
Although the one-minute video (that shows the sensor being fooled with a dummy eye) appears simple, it is hard to see that happening in real life.
A German hacking group named Chaos Computer Club successfully attempted to ‘break the Galaxy S8’s iris recognition lock with a printer, a picture of an iris photo taken with a camera and contact lenses’. They uploaded the video on YouTube showing the hacking process.
Read: Galaxy S8 and S8+ update
The process is as follows. You need to take a photo of the phone owner’s eye with a camera. But not any camera, mind you! You will need one that can capture infrared light, which Samsung claims is no longer available in the market. The photo is then printed using a a Samsung leisure printer. Finally, this photo is then placed in front of the iris scanner with contact lenses on top to mimic the eye curvature.
The Korean Herald quoted CCC spokesman Dirk Engling as saying:
Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris.
If you value the data on your phone — and possibly want to even use it for payment — using the traditional pin protection is a safer approach than using body features for authentication.
But Samsung states that this is an unrealistic process and practically not feasible. In the words of Samsung spokesperson:
You need a camera that can capture infrared light (used in the video), which is no longer available in the market. Also, you need to take a photo of the owner’s iris and steal his smartphone. It is difficult for the whole scenario to happen in reality.
This German hacker’s group was also behind the hacking of the fingerprint sensor on Apple’s iPhone 5S, and that too just two days after the device went on sale globally. Following Samsung, other smartphone manufacturers are also gearing up to launch devices with iris scanner. This should be an eye-opener for them and hopefully they will make this feature full-proof before bringing it to the market.
Via: The Korean Herald