December 24, 2024
Samsung Galaxy S8 Iris Scanner Bypassed With a Just a Photo and a Contact Lens [Video]

Samsung Galaxy S8 Iris Scanner Bypassed With a Just a Photo and a Contact Lens [Video]

Posted May 24, 2017 at 11:24pm by iClarified
The Chaos Computer Club has demonstrated how to bypass the Galaxy S8 Iris Scanner with just a printed photo and a contact lens.

Samsung claims "Iris authentication is one of the safest ways to keep your phone locked and its contents private" but after watching this video, you'll likely disagree.

Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it. But whoever has a photo of the legitimate owner can trivially unlock the phone. "If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication", says Dirk Engling, spokesperson for the CCC. Samsung announced integration of their iris recognition authentication with its payment system "Samsung Pay". A successful attacker gets access not only to the phone’s data, but also the owner’s mobile wallet.


The security risk with iris based authentication is even worse than fingerprint scanners like Apple's Touch ID which is also easily bypassed. CCC says that Samsung's iris scanner can be circumvented with high resolution pictures from the Internet or with a photo taken by a good digital camera with a 200mm lens from up to five meters away. You'll need to shoot with the infrared filter removed for usable results.

Security researcher Starbug printed the iris picture using a laser printer, ironically getting the best results with laser printers made by Samsung. Then, to emulate the curvature of a real eye's surface, a contact lens is placed on top of the print. This is enough to fool the system.

Take a look at the hack in action below...

Read More



Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (15)
You must login or register to add a comment...
Great!
Great! - May 26, 2017 at 5:46pm
Android users beware of the cloak and dagger!!
Mang Domeng
Mang Domeng - May 25, 2017 at 3:27pm
S8 owners! You've been scammed! Iris scanner is just a gimmick! Don't worry it will be improved in the next S9 update. It will shoot laser in your eyes to be more accurate (as they'll claim) and the time you realize it works, you're already blind! Hahaha!
DamianMarkx
DamianMarkx - May 25, 2017 at 2:35pm
I was interested in the post until I saw that it had a link to a 2013 post. If it was so easy to bypass the TouchID how come government agencies pay thousands and take manufacturers to court because they can't get devices unlocked? I'm sure they have the tech, in some cases they have the dead person and thereby their fingers. Jus sayin'
Gabe
Gabe - May 25, 2017 at 10:13am
Once again, Samsung fails. Miserably.
Noman
Noman - May 25, 2017 at 7:06am
How about Simsamg that explodes if wrong photo of eye is shown? Perfect scare for thieves or do these toys even get stolen....?
Yayaya
Yayaya - May 25, 2017 at 3:04am
As I've been saying for years. Samsung always tries to rush these features and they completely suck.
notme
notme - May 25, 2017 at 1:20am
nut scanner? anyone? evryone nuts are differents
PaulieP
PaulieP - May 25, 2017 at 12:59am
I love that he's using a Mac and he has a Samsung. Great job
Mang Domeng
Mang Domeng - May 25, 2017 at 3:32pm
It will be his last Samsung after learning the features his phone has was just a gimmick!
Daniel
Daniel - May 25, 2017 at 12:37am
Samsung must come out for recall
gamerscul9870
gamerscul9870 - May 25, 2017 at 12:19am
When you think about it, this is a much easier way to bypass than the fingerprint scanner considering how you could save a copy of photos from social networking and using them to unlock the phone compared to fingerprint scanner because with a fingerprint, you have to be lucky to get control of someone's hand.
JollySonX
JollySonX - May 25, 2017 at 8:34am
If you follow the link to bypassing the finger print scanner and watch that video, he didn't have access to the hand he scanned the phones screen and pulled a finger print off of that, granted he then had to etch it on to a pcb, and many people don't have access to that sort of tech on a general day to day basis, although I wouldn't be surprised if there was another way of doing it
Bounty 209
Bounty 209 - May 24, 2017 at 11:36pm
Soooo... Someone that wants to steal a gs8 has to... Take a picture of you... Nab your phone... Print your pic... Then unlock said phone? Seems like a waste of time.
Ok
Ok - May 25, 2017 at 12:11am
That's not the point.
PaulieP
PaulieP - May 25, 2017 at 1:02am
Social media has photos, print the picture, contact lenses are at CVS, now you can get into somebody's phone and access their passwords and everything. Seems pointless to you but not to someone trying to access information. Just because you're poor does not mean someone will try to do this to someone who has money and possibly information on their phone that will lead to accessing that money. I hope that shed some light as to why this is a serious security flaw/issue.
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sequoia
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS