Samsung recently launched its new flagship smartphones, the Galaxy S8 and Galaxy S8 Plus, with both Facial and IRIS Recognition features, making it easier for users to unlock their smartphone and signing into websites.
We already knew that the Galaxy S8’s facial unlock feature could be easily fooled with just a simple photograph of the device owner, but now hackers have also discovered a simple way to bypass the iris-based authentication, which Samsung wants you to think is unbeatable.
All it took for German hacking group Chaos Computer Club (CCC) to break the Galaxy S8’s iris-recognition system was nothing but a camera, a printer, and a contact lens.
We already knew that the Galaxy S8’s facial unlock feature could be easily fooled with just a simple photograph of the device owner, but now hackers have also discovered a simple way to bypass the iris-based authentication, which Samsung wants you to think is unbeatable.
All it took for German hacking group Chaos Computer Club (CCC) to break the Galaxy S8’s iris-recognition system was nothing but a camera, a printer, and a contact lens.
The white hat hacking group also published a video showing how to defeat Samsung’s iris scanner.
Want To Know How They Hacked The IRIS Scanner ? Check This Out
The process was very simple. The CCC group simply used the night mode setting on a Sony digital camera to capture a medium range photo of their subject.
Since the iris scanner uses infrared light, the group then printed out a real-life sized infrared image of one eye using a Samsung printer and placed a contact lens on the top of the printed picture to provide some depth. And, it was done.
The Samsung Galaxy S8 instantly recognized the mare photo as being a “real” human eye and unlocked the phone, giving hackers full access to the phone, including Samsung Pay.
Since the iris scanner uses infrared light, the group then printed out a real-life sized infrared image of one eye using a Samsung printer and placed a contact lens on the top of the printed picture to provide some depth. And, it was done.
The Samsung Galaxy S8 instantly recognized the mare photo as being a “real” human eye and unlocked the phone, giving hackers full access to the phone, including Samsung Pay.
So, the hackers successfully bypassed Galaxy S8’s iris-based authentication, which Samsung claims is “one of the safest ways to keep your phone locked.”
Here’s what Samsung said about the iris-recognition system hack:
“We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue.”
Source:TheHackerNews