Hackers Unlock Samsung Galaxy S8 With Infrared Poho of Users Iris
Hackers Unlock Samsung Galaxy S8 With Fake Iris
Using a camera, a printer, and a contact lens, hackers
managed to bypass the S8's iris scanner.
By JOSEPH COX May 23 2017, 5:13am
Biometric locks for phones are just getting more and more
elaborate. Not content with fingerprints, some devices now offer facial
recognition tech for accessing a device, and in the Samsung Galaxy S8's case,
an iris scanner too.
Despite Samsung stating that a user's irises are pretty
much impossible to copy, a team of hackers has done just that. Using a
bare-bones selection of equipment, researchers from the Chaos Computer Club
(CCC) show in a video how they managed to bypass the scanner's protections and
unlock the device.
"We've had iris scanners that could be bypassed
using a simple print-out," Linus Neumann, one of the hackers who appears
in the video, told Motherboard in a Twitter direct message.
The process itself was apparently pretty simple. The
hackers took a medium range photo of their subject with a digital camera's
night mode, and printed the infrared image. Then, presumably to give the image
some depth, the hackers placed a contact lens on top of the printed picture.
And, that's it. They're in.
"The patterns in your irises are unique to you and
are virtually impossible to replicate, meaning iris authentication is one of
the safest ways to keep your phone locked and the contents private,"
Samsung's website reads.
The research didn't take all that much time, either.
"About a day of experimenting until the idea came up
do use a contact lens. Then, a little charade of printers until it turned out
that the Samsung printer provided the most reliable prints," Neumann told
Motherboard.
Neither Samsung or Princeton Identity, the company behind
the iris scanner technology, immediately responded to a request for comment.
Of course, this isn't the first time CCC has dug into
biometric locks for phones. In 2014, the security researcher known as starbug,
who worked on this latest research, demonstrated how he obtained a target's
fingerprints just from a standard photo camera. In March, iDeviceHelp managed
to fool the Galaxy S8's facial recognition feature too.
There's always going to be a trade-off when it comes to
unlocking phones: do users want the convenience of just picking up the device,
and it opening up, or do they prefer having to manually enter a code? Whatever
your preference, now you know an iris scanner isn't on the more secure side of
that spectrum.
Comments
Post a Comment