If you bought a Samsung Galaxy S8 for the security that the iris scanner provided you, then you may have to rethink that decision. Motherboard is reporting that hackers have used a fake iris to bypass the phone’s security:
Despite Samsung stating that a user’s irises are pretty much impossible to copy, a team of hackers has done just that. Using a bare-bones selection of equipment, researchers from the Chaos Computer Club (CCC) show in a video how they managed to bypass the scanner’s protections and unlock the device. “We’ve had iris scanners that could be bypassed using a simple print-out,” Linus Neumann, one of the hackers who appears in the video. The process itself was apparently pretty simple. The hackers took a medium range photo of their subject with a digital camera’s night mode, and printed the infrared image. Then, presumably to give the image some depth, the hackers placed a contact lens on top of the printed picture.And, that’s it. They’re in.
So, why does this work? Here’s my guess. I am guessing that the S8 is only checking for the pattern of the iris and it has no ability to tell if it is a real eye or not. Thus it is easily pwnable. If any of this sounds familiar, it should. The facial recognition in the S8 can be fooled in the same manner. And according to Motherboard, the fingerprint scanner has been pwned too. Samsung hasn’t commented on this, but it will be interesting to see what they do to fix this as this was a key selling feature for the phone.
Related
This entry was posted on May 23, 2017 at 2:21 pm and is filed under Commentary with tags Samsung, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Samsung Galaxy S8 Iris Scanner Security Pwned By Hackers
If you bought a Samsung Galaxy S8 for the security that the iris scanner provided you, then you may have to rethink that decision. Motherboard is reporting that hackers have used a fake iris to bypass the phone’s security:
Despite Samsung stating that a user’s irises are pretty much impossible to copy, a team of hackers has done just that. Using a bare-bones selection of equipment, researchers from the Chaos Computer Club (CCC) show in a video how they managed to bypass the scanner’s protections and unlock the device. “We’ve had iris scanners that could be bypassed using a simple print-out,” Linus Neumann, one of the hackers who appears in the video. The process itself was apparently pretty simple. The hackers took a medium range photo of their subject with a digital camera’s night mode, and printed the infrared image. Then, presumably to give the image some depth, the hackers placed a contact lens on top of the printed picture.And, that’s it. They’re in.
So, why does this work? Here’s my guess. I am guessing that the S8 is only checking for the pattern of the iris and it has no ability to tell if it is a real eye or not. Thus it is easily pwnable. If any of this sounds familiar, it should. The facial recognition in the S8 can be fooled in the same manner. And according to Motherboard, the fingerprint scanner has been pwned too. Samsung hasn’t commented on this, but it will be interesting to see what they do to fix this as this was a key selling feature for the phone.
Share this:
Like this:
Related
This entry was posted on May 23, 2017 at 2:21 pm and is filed under Commentary with tags Samsung, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.