Phones

Samsung says tricking Galaxy S8’s iris scanner is ‘unrealistic’

Berlin-based Chaos Computer Club recently demonstrated how the Galaxy S8’s iris scanner could be tricked. The method involved using a printed infrared image of the human eye attached to a contact lens. That was all they needed to trick the iris scanner into unlocking the device.

Iris scanner functionality is still rare on smartphones so it’s a pretty big selling point for the Galaxy S8. However, it’s not ideal to know that a feature that’s meant to protect your phone can be tricked with relative ease.

Samsung’s initial response to the matter was meant to assure customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to prevent attempts to compromise its security. It also said that if there was ever a potential vulnerability, it would respond as quickly as possible to fix it.

A spokesperson for the company told The Korea Herald today that fooling the Galaxy S8’s iris sensor is “unrealistic,” adding that it’s hard to see that happening in real life.

“You need a camera that can capture infrared light (used in the video), which is no longer available in the market. Also, you need to take a photo of the owner’s iris and steal his smartphone. It is difficult for the whole scenario to happen in reality,” the spokesperson said.

Dirk Engling, a spokesman for the Chaos Computer Club, says that under some circumstances, a high-resolution picture from the internet would be enough to capture an iris.

“If you value the data on your phone — and possibly want to even use it for payment — using the traditional pin protection is a safer approach than using body features for authentication,” he said.

13 Comments

Sign in »

13
Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Moorsigh
Moorsigh

The Iris scanner sure is secured! It’s so picky that I could unlock only 1 out of 20 odd times depending on the lighting n whether I am wearing my glasses ! I have 100% faith in it ..

martindale
martindale

So that’s a relief. I was worried that any mugger wanting my phone would press a gummy bear into my eyeball…

gtone339
gtone339

How about updating the Iris scanner by detecting Facial tissue that isn’t generic?

Michollstad
Michollstad

I agree, this is moronic. Way to many factors for this to ever happen to someone. Iris-scanning is awesome!

NotReallySamsungFan
NotReallySamsungFan

The point is not to make a practical method but a proof of concept that it can be done. Samsung said this was more secure than a fingerprint scanner, I think the process for this is easier than lifting a fingerprint, hoping it’s the right one and processing it to a 3D model that can unlock the phone.

ijazali
ijazali

I think people should be more careful about their device getting stolen rather than someone looking into the device.

Standingo
Standingo

It’s easier to threat somebody and make them unlock the device…

martindale
martindale

CCC are being disingenuous. The use of an IR camera was key to their success. But they keep glossing over that detail when they suggest that this hack is “trivially easy”, and imply that anyone with a candid photo of you at decent resolution can pwn your phone. It’s even been reported that you can “switch off the IR filter”, by engaging night mode on a smartphone camera! (The Register).
To my knowledge only one smartphone (Cat S60) has an IR camera. Anybody else will need to perform surgery to remove the IR filter from a digital camera.

mtbrown262626
mtbrown262626

However, it’s not ideal to know that a feature that’s meant to protect your phone can be tricked with relative ease are you for real they did that on the home phone it’s a bit different doing it to somebody else’s phone like somebody’s going to stand up there so somebody can do a copy of there are so that somebody can break into the phone come on be real is totally different doing that to your own phone we’ve got all the time in the world to do it to doing it to somebody else phone

Lukasz1536
Lukasz1536

I just wonder how many pics they did before found the right one to tricking IRIS. Stupid. You need perfect photo, contact lens, right printer – it’s not so easy as they said.

Rohan D
Rohan D

Fingerprints can be retrieved from anything you’ve touched. Pins can be stolen – even by examining the smudges on the glass! It’s a compromise between convenience and security. If I had to input a pin every time I had to unlock my phone I would simply disable that feature. You’d have to be pretty close to someone to pull off this task. Especially as it’s pretty easy to lockdown stolen phones quickly. You certainly couldn’t use that trick for payments – trying to change the security often requires different unlocks. Guess what’s a less secure payment system you use everyday?… Read more »

agarco
agarco

Stupidity, nothing better to do in life?

o0MHJ0o
o0MHJ0o

“this was all they needed”… “Relative ease”. are you being serious right now. the spokesperson is spot on! It is the most nitty gritty thing to do! and never have I seen an IR camera on the market as something an average person has. And yeah, if someone did let their phone get stolen they can easily lock it either using Google or Samsung’s “Find my phone” which turns the lockscreen into a pin, and they can do it from any device connected to the internet which is much quicker than the thief going home and setting this all up!… Read more »