Samsung Galaxy S8 Iris Scanner Bypassed With a Just a Photo and a Contact Lens [Video]

Samsung Galaxy S8 Iris Scanner Bypassed With a Just a Photo and a Contact Lens [Video]

Posted by · 12983 views · Translate

The Chaos Computer Club has demonstrated how to bypass the Galaxy S8 Iris Scanner with just a printed photo and a contact lens.

Samsung claims "Iris authentication is one of the safest ways to keep your phone locked and its contents private" but after watching this video, you'll likely disagree.

Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it. But whoever has a photo of the legitimate owner can trivially unlock the phone. "If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication", says Dirk Engling, spokesperson for the CCC. Samsung announced integration of their iris recognition authentication with its payment system "Samsung Pay". A successful attacker gets access not only to the phone’s data, but also the owner’s mobile wallet.

The security risk with iris based authentication is even worse than fingerprint scanners like Apple's Touch ID which is also easily bypassed. CCC says that Samsung's iris scanner can be circumvented with high resolution pictures from the Internet or with a photo taken by a good digital camera with a 200mm lens from up to five meters away. You'll need to shoot with the infrared filter removed for usable results.

Security researcher Starbug printed the iris picture using a laser printer, ironically getting the best results with laser printers made by Samsung. Then, to emulate the curvature of a real eye's surface, a contact lens is placed on top of the print. This is enough to fool the system.

Take a look at the hack in action below...

Read More

Great! - May 26, 2017 at 5:46pm
Android users beware of the cloak and dagger!!
Mang Domeng - May 25, 2017 at 3:27pm
S8 owners! You've been scammed! Iris scanner is just a gimmick! Don't worry it will be improved in the next S9 update. It will shoot laser in your eyes to be more accurate (as they'll claim) and the time you realize it works, you're already blind! Hahaha!
DamianMarkx - May 25, 2017 at 2:35pm
I was interested in the post until I saw that it had a link to a 2013 post. If it was so easy to bypass the TouchID how come government agencies pay thousands and take manufacturers to court because they can't get devices unlocked? I'm sure they have the tech, in some cases they have the dead person and thereby their fingers. Jus sayin'
Gabe - May 25, 2017 at 10:13am
Once again, Samsung fails. Miserably.
D4xM4Nx - May 25, 2017 at 7:52am
The new level of stupid Samsung reaches every new year is staggering... WTF maybe they need to try the fart scanner, hard to duplicate and much less to mimic the.. huh.. smell Hahahaha :P
13 More Comments