You Can Hack the S8 Iris Scanner with Just a Printed Iris

A selfie, a printed paper, a contact lens. That’s all it takes to fool the supposedly secure iris scanner on the S8.

German hackers Chaos Computer Club (CCC) posted that they have found way to break the iris scanner – and it’s not even using codes. “With a simple to make dummy-eye the phone can be fooled into believing that it sees the eye of the legitimate owner.”

With Samsung’s integration of the various security with other features including Samsung Pay – it could be tricky to secure those platforms. Anyone who has a photo of the legitimate owner could have access to the mobile wallet too.

Samsung Galaxy S8 is the first flagship smartphone with iris recognition. The manufacturer of the biometric solution is Princeton Identity.

“If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication”, says Dirk Engling, spokesperson for the CCC.

Previously, the fingerprint sensor on iPhone’s Touch ID was easily defeated by CCC member and biometrics security researcher starbug.  “The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris”, Engling added.

The CCC wrote that “The easiest way for a thief to capture iris pictures is with a digital camera in night-shot mode or the infrared filter removed. In the infrared light spectrum – usually filtered in cameras – the fine, normally hard to distinguish details of the iris of dark eyes are well recognizable. Starbug was able to demonstrate that a good digital camera with 200mm-lens at a distance of up to five meters is sufficient to capture suitably good pictures to fool iris recognition systems.”

Ironically, they got the best results with laser printers made by Samsung. To emulate the curvature of a real eye’s surface, a normal contact lens is placed on top of the print.

Below is a video showing a demo of the hack.

Share this post:

Comment what you think!