Samsung Galaxy S8 Iris Scanner Security Pwned By Hackers

If you bought a Samsung Galaxy S8 for the security that the iris scanner provided you, then you may have to rethink that decision. Motherboard is reporting that hackers have used a fake iris to bypass the phone’s security:

Despite Samsung stating that a user’s irises are pretty much impossible to copy, a team of hackers has done just that. Using a bare-bones selection of equipment, researchers from the Chaos Computer Club (CCC) show in a video how they managed to bypass the scanner’s protections and unlock the device. “We’ve had iris scanners that could be bypassed using a simple print-out,” Linus Neumann, one of the hackers who appears in the video. The process itself was apparently pretty simple. The hackers took a medium range photo of their subject with a digital camera’s night mode, and printed the infrared image. Then, presumably to give the image some depth, the hackers placed a contact lens on top of the printed picture.And, that’s it. They’re in.

So, why does this work? Here’s my guess. I am guessing that the S8 is only checking for the pattern of the iris and it has no ability to tell if it is a real eye or not. Thus it is easily pwnable.  If any of this sounds familiar, it should. The facial recognition in the S8 can be fooled in the same manner.  And according to Motherboard, the fingerprint scanner has been pwned too. Samsung hasn’t commented on this, but it will be interesting to see what they do to fix this as this was a key selling feature for the phone.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: