Skip to main content

Hackers manage to fool the Galaxy S8’s iris scanner with a photo

Samsung says tricking the Galaxy S8's iris scanner is 'unrealistic'

galaxy s8 active
Germany’s venerable Chaos Computer Club (CCC) takes no prisoners — especially when it comes to smartphone security. After successfully fooling a fingerprint sensor using high-resolution images of a hand, specialized computer software, and a standard printer last year, the hacker collective set their sights on a new target: The Galaxy S8’s iris scanner.

In a video released on Monday, the white-hat team of hackers demonstrated how Samsung Galaxy S8’s iris sensor, supplied by security firm Princeton Identity, can be tricked into unlocking the phone with a cropped picture of a person’s irises and a pair of contact lenses. After toying around with the photo’s brightness and color contrast, printing out a high-resolution copy, and placing the contact lenses on top of the print, the CCC was able to unlock the Galaxy S8.

Related Videos

A spokesperson for Samsung told The Korea Herald that fooling the Galaxy S8’s iris sensor is “unrealistic,” and that it would require a “camera that can capture infrared light” and a photo of the owner’s iris. “It is difficult for the whole scenerio to happen in reality.”

It was a little more challenging than it looks. In a blog post, CCC spokesperson Dirk Engling conceded that most selfies won’t fool the Galaxy S8’s iris scanner — a hacker would have to capture a person’s iris with a digital camera in night-shot mode or the infrared filter removed.

“In the infrared light spectrum — usually filtered in cameras — the fine, normally hard to distinguish [sic] details of the iris of dark eyes are well recognizable,” Engling wrote. “[We were] able to demonstrate that a good digital camera with 200mm-lens at a distance of up to five meters is sufficient to capture suitably good pictures to fool iris recognition systems.”

Still, the CCC’s workaround would appear to contradict Samsung and Princeton Identity’s messaging. In marketing materials, Samsung’s highlighted the Galaxy S8’s iris scanner as a “secure” alternative to PINs and passcodes. In an interview with Business Insider in April, Princeton CEO Mark Clifton characterized the Galaxy S8’s iris scanner as “better” than the FBI’s fingerprinting technology.

“[The FBI] uses 13 points of identification per fingerprint, so with all 10 finger you might have 130 unique identifiers,” Clifton said. “[The] Galaxy S8’s iris scanner can register up to 200 identifying features from a single iris.”

It is not the first time the CCC has demonstrated flaws in iris-scanning technologies. In March, the group fooled a commercial system with a 75-pixel image of an iris printed at a resolution of 1,200 dpi (dots per inch).

“If you value the data on your phone, and possibly want to even use it for payment, using the traditional PIN-protection is a safer approach than using body features for authentication,” Engling said.

Article originally published on 05-23-2017. Updated on 05-25-2017 by Kyle Wiggers: Added statement from Samsung spokesperson. 

Editors' Recommendations

Samsung Galaxy Watch 6: the 6 things that would make it amazing
The Galaxy Watch 5 Pro showing a colorful watch face.

Samsung’s 2023 product lineup has turned out pretty impressive so far, but the more promising devices are scheduled for the latter half of the year. Among them is the Galaxy Watch 6 series. Now, the Galaxy Watch 5 line-up isn’t bad by any stretch of the imagination, but it also wasn’t really an appealing upgrade over the Galaxy Watch 4 portfolio.

With the Galaxy Watch 6 series, we’re already hearing some promising chatter in the leak land. Here’s a wish list of changes that would make the Galaxy Watch 6 series a truly tantalizing and potent alternative to the venerable Apple Watch.
Bring back the rotating bezel
Galaxy Watch 4 Andy Boxall/Digital Trends

Read more
Surprise Apple sale brings big discounts on iPad and Apple Watch
Data from a workout showing on the screen of the Apple Watch Series 8.

There are plenty of great discounts on Apple devices over at Amazon right now. That means substantial price cuts on the latest Apple Watch range as well as plenty of iPads too. If you're keen to learn more, we're here to help. We've picked out some of our favorite Apple deals going on right now. Check them out below to see how you can save big on highly sought-after devices.
Apple Watch SE (2nd Gen) -- $220, was $249

The Apple Watch SE (2nd Gen) is a marvel at this price. Easily one of the best smartwatch deals, it covers everything you could need. You gain comprehensive yet easy-to-use fitness tracking thanks to Apple's Activity Rings system and steady stream of challenges and rewards. It's fast too thanks to having the latest processor. Despite that, you still get to enjoy a two-day battery life with the watch easily comfortable to wear all day long. It lacks the ECG and blood oxygen sensors of the Series 8 along with the always-on display, but that won't be an issue for everyone. The key thing is you get an excellent smartwatch at a great price.

Read more
Apple Watch Series 9: the 6 biggest things we want to see
The Apple Watch Ultra with the Apple Watch Series 8 and Watch SE 2.

The Apple Watch Series 8 was a bit of a boring release for Apple’s wearable, as it wasn’t a huge upgrade over the Apple Watch Series 7; Apple seemed to spend more energy focusing on the Apple Watch Ultra instead. The only real upgrades for the Series 8 were the newer-generation S8 chip and a new body temperature sensor, though the use cases for that are pretty limited. But if you didn’t have a Series 7, then the Apple Watch Series 8 was still a great upgrade for those coming from older models.

We’re still a few months away from Apple revealing the next generation of Apple Watch with a Series 9 model, which is most likely coming sometime in the fall, along with the iPhone 15. But until then, here’s what I’m hoping Apple will put in the Apple Watch Series 9 when it finally comes out.
Nonintrusive blood glucose monitoring

Read more