Samsung S8 Iris scanner is great, but it's not hack-proof
While phone makers have been touting iris-based recognition as the next big leap in phone security, a recent development proves that we are yet to come up with an iris-scanning system that can't be easily fooled. Hackers affiliated to Chaos Computer Club in Germany recently showed how easy it is to bypass the Galaxy S8's iris scanner. Here's all that you need to know.
Just basic DIY would do
The hackers in the video took a picture of the person, whose Samsung S8 they intended to hack using the night mode option in the digital camera, as the iris-scanners use infrared for detection. One doesn't even need to be close, any image taken from a medium distance will be enough to fool Samsung S8 iris scanner and then the hacking begins.
Print it and you are done
Now a printout of the image was taken and a contact lens was placed on it. All that was left to do was point it at the Samsung S8's cutting edge iris-scanner, which ended up recognizing the printed image as the original eye. The hackers said that this simple trick can be performed even by using the Samsung S8 owner's social media pictures.
All in a day's work
Linus Neumann, one of the hackers, who appears in the video said to Motherboard that it took them, "about a day of experimenting until the idea came up to use a contact lens. Then, a little charade of printers until it turned out that the Samsung printer provided the most reliable prints." What took years to perfect was squashed in a day's work.
Virtually impossible? Not anymore
Samsung's website says, "The patterns in your irises are unique to you and are virtually impossible to replicate, meaning iris authentication is one of the safest ways to keep your phone locked and the contents private," however, it probably didn't account for the fact that a simple hack could fool its "safest ways." The firm told BBC that they were "aware of the issue."
Sometimes, the old ways are the best
The group's spokesperson, Dirk Engling said to The Guardian, "The security risk to the user from iris recognition is even bigger than with fingerprints, as we expose our irises a lot." Moreover, "If you value the data on your phone - and possibly want to even use it for payment - using traditional pin-protection is a safer approach than using body features for authentication."
