Skip to main content
  1. Home
  2. Mobile
  3. News

Hackers manage to fool the Galaxy S8’s iris scanner with a photo

Samsung says tricking the Galaxy S8's iris scanner is 'unrealistic'

By

galaxy s8 active
Image used with permission by copyright holder
Germany’s venerable Chaos Computer Club (CCC) takes no prisoners — especially when it comes to smartphone security. After successfully fooling a fingerprint sensor using high-resolution images of a hand, specialized computer software, and a standard printer last year, the hacker collective set their sights on a new target: The Galaxy S8’s iris scanner.

In a video released on Monday, the white-hat team of hackers demonstrated how Samsung Galaxy S8’s iris sensor, supplied by security firm Princeton Identity, can be tricked into unlocking the phone with a cropped picture of a person’s irises and a pair of contact lenses. After toying around with the photo’s brightness and color contrast, printing out a high-resolution copy, and placing the contact lenses on top of the print, the CCC was able to unlock the Galaxy S8.

Recommended Videos

A spokesperson for Samsung told The Korea Herald that fooling the Galaxy S8’s iris sensor is “unrealistic,” and that it would require a “camera that can capture infrared light” and a photo of the owner’s iris. “It is difficult for the whole scenerio to happen in reality.”

Please enable Javascript to view this content

It was a little more challenging than it looks. In a blog post, CCC spokesperson Dirk Engling conceded that most selfies won’t fool the Galaxy S8’s iris scanner — a hacker would have to capture a person’s iris with a digital camera in night-shot mode or the infrared filter removed.

Related

“In the infrared light spectrum — usually filtered in cameras — the fine, normally hard to distinguish [sic] details of the iris of dark eyes are well recognizable,” Engling wrote. “[We were] able to demonstrate that a good digital camera with 200mm-lens at a distance of up to five meters is sufficient to capture suitably good pictures to fool iris recognition systems.”

Still, the CCC’s workaround would appear to contradict Samsung and Princeton Identity’s messaging. In marketing materials, Samsung’s highlighted the Galaxy S8’s iris scanner as a “secure” alternative to PINs and passcodes. In an interview with Business Insider in April, Princeton CEO Mark Clifton characterized the Galaxy S8’s iris scanner as “better” than the FBI’s fingerprinting technology.

“[The FBI] uses 13 points of identification per fingerprint, so with all 10 finger you might have 130 unique identifiers,” Clifton said. “[The] Galaxy S8’s iris scanner can register up to 200 identifying features from a single iris.”

It is not the first time the CCC has demonstrated flaws in iris-scanning technologies. In March, the group fooled a commercial system with a 75-pixel image of an iris printed at a resolution of 1,200 dpi (dots per inch).

“If you value the data on your phone, and possibly want to even use it for payment, using the traditional PIN-protection is a safer approach than using body features for authentication,” Engling said.

Article originally published on 05-23-2017. Updated on 05-25-2017 by Kyle Wiggers: Added statement from Samsung spokesperson. 

Editors’ Recommendations

Topics
Kyle Wiggers
Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Samsung may have made a horrible decision with the Galaxy S24
The Samsung Galaxy S24 standing upright next to the Galaxy S24 Plus.

The big Android dogs from Samsung  —the Galaxy S24 series — are out to challenge the smartphone supremacy crown in 2024. There are minor design improvements, a faster chip, a slightly tweaked camera, a big jump in thermal management capacity, and loads of AI hype around them.

Some of those AI features come courtesy of Qualcomm’s Snapdragon 8 Gen 3 for Galaxy silicon, while others are built in-house or with some help from Google. But behind the scenes, Samsung has again employed a controversial two-chip sales formula.

Read more
There’s something Samsung didn’t tell you about the Galaxy S24
The Samsung Galaxy S24 Ultra in its launch colors.

“Look, dude, I don’t know how they are going to manage the costs of licensing from AI companies and cloud partnerships, among other associated factors. Nothing comes free.” That’s what a machine learning engineer told me a few days ago when I explained to him how Qualcomm and MediaTek are bringing some neat generative AI tricks to phones.

Well, Samsung has confirmed those fears and quietly dropped the bombshell that at least some of its snazzy AI tricks for the Galaxy S24 series phones will eventually ask you to cough up some cash. That’s going to happen next year, but we don’t know how much you'll have to pay and in what way — at least not right now.

Read more
The Galaxy S24 is stealing one of my favorite Google Pixel 8 features
Someone holding the Samsung Galaxy S24 with the display turned on.

We're barely two weeks into 2024, but it's already time to talk about three of the biggest smartphone releases of the entire year. Samsung has officially announced the Galaxy S24 family, including the typical trio of phones. This year, it's the Galaxy S24, S24 Plus, and S24 Ultra.

There's plenty to discuss with these phones — from the refined designs to Samsung's new Galaxy AI features. But there's another detail I want to shine the spotlight on, one that was barely mentioned during my pre-briefing with Samsung. We're talking about software updates.

Read more