[Update: Samsung responds] The CCC finds a way to trick the Galaxy S8’s iris scanner

The iris recognition system on board the recently-released Galaxy S8 and Galaxy S8+ was reportedly defeated by the Chaos Computer Club (CCC). Using a printed infrared image of a human eye with a contact lens attached, the hackers were able to trick the system into thinking it was looking at the eye of the registered owner.

“Iris recognition may protect a phone against complete strangers unlocking it, but whoever has a photo of the legitimate owner can trivially unlock the phone,” says Dirk Engling, a spokesperson for the CCC. “If you value the data on your phone – and possibly want to even use it for payment – using a traditional PIN is a safer approach.”

While this news may frustrate and potentially worry many Galaxy S8 and Galaxy S8+ owners, it’s unlikely that prying eyes (no pun intended) will have access to a high-resolution, close-up image of your iris, and unless they’re armed with that picture, they can’t gain access to your device.

Update: Samsung has issued a statement in response to this report.

We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue.

15 Comments


Martin Eugeniev

Wait… doesn’t it need both of your eyes to unlock? Mine wants my two eyes to be open…

donalddumb

Something’s fishy here. How did they manage to get an IR picture from a standard camera? Is this a standard camera? Which model is this? AFAIK IR is only available in security cams or thermal imaging.

martindale

Fishy indeed. They used an IR camera. These are not difficult to get hold of (e.g. the CAT S60 smartphone has one), but neither do most people possess one. So not just any old photo will do the trick; guys at the office looking to prank you, an inquisitive spouse, whatever, they would need to go to some lengths. That is not just “whoever has a photo of the legitimate owner can trivially unlock the phone”.

jpd514

It will not be the first FAKE NEWS published by CCC.
It’s just sad that Sammobile publishes another piece of unverified news.
Samsung will have to sue this yellow journalism and the media that spread this misinformation.

martindale

Always good to have the hype put to the test. I’m happy to accept that biometrics are convenient and will keep the opportunist out. But when the manufacturers overhype it they deserve to be tripped up. Same kind of thing happened to HSBC bank using voice recognition login in the UK.

stondec

This is ridiculous! The chances that a criminal will pull that off are minuscule at best, but maybe if the CIA is trying to hack into your phone, they might go that far.

A Sweaty Womble

Oh yes of course, I forgot a PIN is impossible to watch being entered… Because everyone uses a complex 32 digit PIN and enters it in complete secrecy. 99.9% of people put their PIN as their year of birth, 0000 or 1234 or any other easily guessable number patterns.

If you really want to protect your phone and its precious data from the most unlikely scenarios then go mad bashing the keyboard and type in something even you don’t know, seal the phone inside a safe, seal that safe in another safe, weld everything shut and send it into space.

rafael2017usa

What is that guy in the green t-shirt doing behind the bench with a camera on a tripod?

obsydian

Just took a selfie, displayed the photo on my PC, pointed my S8+ at it, and NOTHING.

obsydian

Wake up, peeps, to the high res selfie world, which most people post as profile pictures, low res or full 4K, on Instagram, etc.

o0MHJ0o

That’s a lie, the phone doesn’t unlock with just one eye. You have to have both. I had fun with the iris scanner by quickly switching between one eye open and one eye closed (yes, I know that is a bit sad). But it stands, and I just did it again now: only having one eye in frame does not unlock the device. Maybe they need to get the April security patch which fixes this and the easy face unlock. Also, the chances of this happening are minuscule; take the risk, because it really isn’t all that risky.

lhirota

Unfortunately this is not completely true. You can unlock your phone with a single iris. I did the test and I was able to unlock my Galaxy S8 without problems while covering one of my eyes.

o0MHJ0o

I genuinely can’t. Then again, the face recognition doesn’t register my face at all… so maybe my face is just too safe! lol

yash92duster

I have an S8+ and the phone unlocks with one eye also.

Try again and see.

Even in a completely dark room it unlocks with one eye 🙂

rmbln01

“If you value the data on your phone – and possibly want to even use it for payment – using a traditional PIN is a safer approach.”

In your dreams. You’ll have to die first before you can have my phone and use that pathetic trick.