Samsung Galaxy S8 iris scanner is easily fooled by a printout

Adjust Comment Print

When we reviewed the Samsung Galaxy S8 here at T3 Towers we had a few reservations about the built-in iris scanner on the flagship new phone, despite absolutely loving the handset itself.

The iris recognition feature on the Samsung Galaxy S8 can be easily bypassed using "basic tools", security researchers in Germany have discovered. A contact lens is placed on the printed iris, to give it the appropriate curvature, and the Galaxy S8 accepts this as authentication for unlocking the phone. The hackers have posted a video showing the device being tricked by a dummy eye that the team has developed.

Created by YouTube channel Concept Creator and based on existing sketches and leaks, the video shows a 3D printed Galaxy Note 8 concept unit that features an all-screen design as well as a vertical dual lens camera on the back.

The cost of the hack is less than the £690 price (buy here) for an unlocked Galaxy S8 phone, hackers with the Chaos Computer Club in Germany said Tuesday.

Monaco won't block Mbappe from making €100m Man Utd or Madrid move
Former Barcelona midfielder Xavi has hailed Monaco starlet Kylian Mbappe as "a great talent", admitting that he "didn't know about him" previously.

The picture can be taken at medium range and is best shot in night mode, as the Galaxy S8 iris scanner works with an infrared light. Regardless, the latest turn of events is unlikely to significantly affect the commercial performance of the Galaxy S8 and Galaxy S8 Plus that are now enjoying an overwhelmingly positive reception from consumers and have reportedly sold more than five million units in less than a month on the market. As Starbug demonstrated in 2013, fingerprints can be casually collected off of water glasses and used to fool the Touch ID mechanism Apple built into iPhones. The "eye" is then presented to the Galaxy S8 which reportedly recognises it as the owner's original.

The biggest advantage to using an iris scanner compared to face recognition is that ordinary photos usually can't fool it.

Samsung said its iris-scanning technology had been through "rigorous testing" to "prevent attempts to compromise its security". It's possible, and anyone who really wants to gain access could jump through these hoops to get into your phone, but is it a reason to live in fear or not buy this phone? "Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris". Many biometric unlock methods have been found to be vulnerable.