Skip to main content
  1. Home
  2. Mobile
  3. News

Hackers manage to fool the Galaxy S8’s iris scanner with a photo

Samsung says tricking the Galaxy S8's iris scanner is 'unrealistic'

Kyle Wiggers
By

galaxy s8 active
Image used with permission by copyright holder
Germany’s venerable Chaos Computer Club (CCC) takes no prisoners — especially when it comes to smartphone security. After successfully fooling a fingerprint sensor using high-resolution images of a hand, specialized computer software, and a standard printer last year, the hacker collective set their sights on a new target: The Galaxy S8’s iris scanner.

In a video released on Monday, the white-hat team of hackers demonstrated how Samsung Galaxy S8’s iris sensor, supplied by security firm Princeton Identity, can be tricked into unlocking the phone with a cropped picture of a person’s irises and a pair of contact lenses. After toying around with the photo’s brightness and color contrast, printing out a high-resolution copy, and placing the contact lenses on top of the print, the CCC was able to unlock the Galaxy S8.

Recommended Videos

A spokesperson for Samsung told The Korea Herald that fooling the Galaxy S8’s iris sensor is “unrealistic,” and that it would require a “camera that can capture infrared light” and a photo of the owner’s iris. “It is difficult for the whole scenerio to happen in reality.”

Related

It was a little more challenging than it looks. In a blog post, CCC spokesperson Dirk Engling conceded that most selfies won’t fool the Galaxy S8’s iris scanner — a hacker would have to capture a person’s iris with a digital camera in night-shot mode or the infrared filter removed.

“In the infrared light spectrum — usually filtered in cameras — the fine, normally hard to distinguish [sic] details of the iris of dark eyes are well recognizable,” Engling wrote. “[We were] able to demonstrate that a good digital camera with 200mm-lens at a distance of up to five meters is sufficient to capture suitably good pictures to fool iris recognition systems.”

Still, the CCC’s workaround would appear to contradict Samsung and Princeton Identity’s messaging. In marketing materials, Samsung’s highlighted the Galaxy S8’s iris scanner as a “secure” alternative to PINs and passcodes. In an interview with Business Insider in April, Princeton CEO Mark Clifton characterized the Galaxy S8’s iris scanner as “better” than the FBI’s fingerprinting technology.

“[The FBI] uses 13 points of identification per fingerprint, so with all 10 finger you might have 130 unique identifiers,” Clifton said. “[The] Galaxy S8’s iris scanner can register up to 200 identifying features from a single iris.”

It is not the first time the CCC has demonstrated flaws in iris-scanning technologies. In March, the group fooled a commercial system with a 75-pixel image of an iris printed at a resolution of 1,200 dpi (dots per inch).

“If you value the data on your phone, and possibly want to even use it for payment, using the traditional PIN-protection is a safer approach than using body features for authentication,” Engling said.

Article originally published on 05-23-2017. Updated on 05-25-2017 by Kyle Wiggers: Added statement from Samsung spokesperson. 

Editors' Recommendations

Topics
Kyle Wiggers
Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
This tiny Android phone almost ruined the Galaxy S23 Ultra for me
The back of the Galaxy S23 Ultra and Zenfone 10.

Ahead of going away for a few days, I decided to swap from the phone I’d just finished reviewing to the Samsung Galaxy S23 Ultra, ensuring I had a great camera with me while on my break. Nothing odd about that, right? Usually, no, except I was coming from the diminutive Asus Zenfone 10, and picking up the S23 Ultra afterward felt like I'd chosen to take a 12.9-inch iPad Pro as my replacement device.

For a short while, the Galaxy S23 Ultra's enormous dimensions bordered on the laughably unmanageable. But then, it redeemed itself in the best way possible.
A truly massive size difference

Read more
Asus’ latest Android phone could be a big threat to the Galaxy S23 Ultra
Holding the Asus Zenfone 9 to show how it's able to be used one-handed.

After plenty of speculation and waiting, Asus is finally ready to launch its next flagship smartphone, the Zenfone 10, at the end of this month. First announced late last night on the Asus Taiwan Instagram account, the Zenfone 10 will be officially revealed in full and launch on June 29.

Asus tends to make pretty solid devices despite not being quite as popular as the smartphone giants like Samsung, Google, and Apple. But the Zenfone 10 looks like it's shaping up to be one of the best Android phones on the market. Based on a handful of videos posted on the Asus website on a page devoted to the Zenfone 10 launch event, the phone's specs make it seem like it might be able to go toe-to-toe with the likes of the Samsung Galaxy S23 Ultra with one key difference: its size.

Read more
I’m obsessed with the Galaxy S23 Ultra’s camera — and these photos show why
Samsung Galaxy S23 Ultra portrait camera

Samsung is the global smartphone market leader, but it's also known for its tongue-in-cheek advertisements. The company recently ran an ad campaign where everyone constantly asks the main character to send them photos taken with the Galaxy S23 Ultra. Something similar happened when I attended a close friend's wedding in India last month.

I carried the Galaxy S23 Ultra to the wedding, then on a vacation, leaving every other camera behind. Anyone who saw the images it took immediately inquired what model it was and blurted, "These are as good as a DSLR!" While that may sound exaggerated, I'm confident you will be flooded with similar opinions when you see the pictures below.

Read more