Hackers Unlock Samsung Galaxy S8 With Infrared Poho of Users Iris
Hackers Unlock Samsung Galaxy S8 With Fake Iris
Using a camera, a printer, and a contact lens, hackers managed to bypass the S8's iris scanner.
By JOSEPH COX May 23 2017, 5:13am
Biometric locks for phones are just getting more and more elaborate. Not content with fingerprints, some devices now offer facial recognition tech for accessing a device, and in the Samsung Galaxy S8's case, an iris scanner too.
Despite Samsung stating that a user's irises are pretty much impossible to copy, a team of hackers has done just that. Using a bare-bones selection of equipment, researchers from the Chaos Computer Club (CCC) show in a video how they managed to bypass the scanner's protections and unlock the device.
"We've had iris scanners that could be bypassed using a simple print-out," Linus Neumann, one of the hackers who appears in the video, told Motherboard in a Twitter direct message.
The process itself was apparently pretty simple. The hackers took a medium range photo of their subject with a digital camera's night mode, and printed the infrared image. Then, presumably to give the image some depth, the hackers placed a contact lens on top of the printed picture.
And, that's it. They're in.
"The patterns in your irises are unique to you and are virtually impossible to replicate, meaning iris authentication is one of the safest ways to keep your phone locked and the contents private," Samsung's website reads.
The research didn't take all that much time, either.
"About a day of experimenting until the idea came up do use a contact lens. Then, a little charade of printers until it turned out that the Samsung printer provided the most reliable prints," Neumann told Motherboard.
Neither Samsung or Princeton Identity, the company behind the iris scanner technology, immediately responded to a request for comment.
Of course, this isn't the first time CCC has dug into biometric locks for phones. In 2014, the security researcher known as starbug, who worked on this latest research, demonstrated how he obtained a target's fingerprints just from a standard photo camera. In March, iDeviceHelp managed to fool the Galaxy S8's facial recognition feature too.
There's always going to be a trade-off when it comes to unlocking phones: do users want the convenience of just picking up the device, and it opening up, or do they prefer having to manually enter a code? Whatever your preference, now you know an iris scanner isn't on the more secure side of that spectrum.