Berlin-based Chaos Computer Club recently demonstrated how the Galaxy S8’s iris scanner could be tricked. The method involved using a printed infrared image of the human eye attached to a contact lens. That was all they needed to trick the iris scanner into unlocking the device.
Iris scanner functionality is still rare on smartphones so it’s a pretty big selling point for the Galaxy S8. However, it’s not ideal to know that a feature that’s meant to protect your phone can be tricked with relative ease.
Samsung’s initial response to the matter was meant to assure customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to prevent attempts to compromise its security. It also said that if there was ever a potential vulnerability, it would respond as quickly as possible to fix it.
A spokesperson for the company told The Korea Herald today that fooling the Galaxy S8’s iris sensor is “unrealistic,” adding that it’s hard to see that happening in real life.
“You need a camera that can capture infrared light (used in the video), which is no longer available in the market. Also, you need to take a photo of the owner’s iris and steal his smartphone. It is difficult for the whole scenario to happen in reality,” the spokesperson said.
Dirk Engling, a spokesman for the Chaos Computer Club, says that under some circumstances, a high-resolution picture from the internet would be enough to capture an iris.
“If you value the data on your phone — and possibly want to even use it for payment — using the traditional pin protection is a safer approach than using body features for authentication,” he said.