Hacking The Galaxy S8 Iris Scanner

Three every-day items hold key to smartphone hack.

Just when you think researchers have finally come up with a foolproof security scan method (and what could possibly be more secure than the eyes in your skull?) some fancy hackers have to go and prove it can be beaten. Even worse, they used the company’s own product to defeat their security protocol.

When Samsung unveiled the Galaxy S8 complete with iris scanner to unlock the phone, the internet offered up a collective gasp. After all, who wouldn’t love the thought of holding their phone to their eyes and letting biometrics do the rest? Unfortunately, Chaos Computer Club, the same hacker group that proved you can fake someone’s fingerprint for the purposes of the Touch ID sensor, have now shown the world how to replicate someone’s iris in order to unlock their phone.

The added insult to injury is this: in order to unlock a Samsung phone with this method, you need a Samsung laser printer.

Matt Swider at TechRadar outlined the ridiculously simply steps involved in hacking someone’s iris scanner and unlocking their phone (we’re forgoing the step involved in acquiring a picture of this person… you do, admittedly, have to take someone’s picture, then print it out, then come back and steal their phone).

“It still takes a little bit of work to bypass the Samsung Galaxy S8 iris scanner. You’ll need some widely available accessories, according to the hacker group.

Here’s what the Chaos Computer Club used to break in:

A high-resolution photo of the victim
A laser printer for a photo cropped to their eye
A contact lens to emulate the curvature of an eye
The picture can be taken at medium range and is best shot in night mode, as the Galaxy S8 iris scanner works with an infrared light.”

For too long, we’ve been duped into believing that biometrics would be the wave of the future when it comes to security, but as we’re quickly finding out, it’s turning out to be too easy to leave our physical bodies in charge of our data. We’ve already gone through fingerprints and eye scans, so let’s just hope no one comes up with a phone that requires a drop of blood on the sensor in order to wake up.


. . . . . . . .

Leave a Reply