Samsung Galaxy S8 Iris Scanner Can Be Easily Hacked: Here’s How!

Samsung Galaxy S8 Iris Scanner
Samsung's Galaxy S8 comes with an iris scanner, which can be easily hacked with just a printed photo and contact lens. (Source: qsmtube)
Samsung’s Galaxy S8 comes with an iris scanner and a face recognition feature, but as German hacker group Chaos Computer Club has shown, this can be easily Hacked. Also you don’t really need high-end tools to carry out this exercise. In the past the Chaos Computer Club has also revealed how Apple iPhone’s Touch ID isn’t foolproof.

In the latest demonstration, the CCC hacker group is arguing that biometric authentication systems are not really secure. One can use simple hacks to get around these methods, according to the group.

Samsung Galaxy S8 Iris Scanner Can Be Easily Hacked

The hackers took pictures of a person in a night mode on a digital camera, then printed them on on a laser printer. The group had printed out a detailed picture of the Iris, which is what the sensor detects. Since the sensor is an infrared one, the hackers relied on the night mode.

Samsung Galaxy S8 Iris Scanner Can Be Easily Hacked

According to the group, “If all structures are well visible, the iris picture is printed on a laser printer. Ironically, we got the best results with laser printers made by Samsung.”

Then they placed a contact lens on top of the printed picture, which manages to copy the curved structure of an actual eye, and this ended up tricking the iris recognition system. The phone thinks these are real eyes thanks to the contact lens, and the Galaxy S8 gets unlocked. The group has also posted a video showing how this is done.

How to hack the Galaxy S8 iris scanner

It still takes a little bit of work to bypass the Samsung Galaxy S8 iris scanner. You'll need some widely available accessories, according to the hacker group.

Here's what the Chaos Computer Club used to break in:

  • A high-resolution photo of the victim
  • A laser printer for a photo cropped to their eye
  • A contact lens to emulate the curvature of an eye

The picture can be taken at medium range and is best shot in night mode, as the Galaxy S8 iris scanner works with an infrared light.

The hackers also point out the Galaxy S8 was the “most expensive part of the iris biometry hack.”

“The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris,” said Dirk Engling CCC member and biometrics security researcher in the blogpost which explains the hack.

Engling’s advice: Stick with the regular pin protection to keep your smartphone locked and secure. It is much safer than using a fingerprint or your iris in this case.

According to the group, the issue with Iris scanner is that it can be easily tricked since photos of our iris might all over the internet. Those pictures in night-shot mode where Iris details are easily recognizable puts the security of these devices at a much higher risk.

Samsung has said it is investigating the Iris scanner hack on the Galaxy S8.


No comments:

Powered by Blogger.