We already knew that the Galaxy S8's facial unlock feature could be easily fooled with just a simple photograph of the device owner, but now hackers have also discovered a simple way to bypass the iris-based authentication, which Samsung wants you to think is unbeatable.
All it took for German hacking group Chaos Computer Club (CCC) to break the Galaxy S8's iris-recognition system was a camera, a printer, and a contact lens.
The white hat hacking group also published a video showing how to defeat Samsung's iris scanner.
Video Demonstration — Bypassing Iris Scanner
Since the iris scanner uses infrared light, the group then printed out a life-size infrared image of one eye using a Samsung printer and placed a contact lens on top of the printed picture to provide some depth. And, it was done.
The Samsung Galaxy S8 instantly recognized the mere photo as being a "real" human eye and unlocked the phone, giving hackers full access to the phone, including Samsung Pay.
So, the hackers successfully bypassed Galaxy S8's iris-based authentication, which Samsung claims is "one of the safest ways to keep your phone locked."
"The patterns in your irises are unique to you and are virtually impossible to replicate, meaning iris authentication is one of the safest ways to keep your phone locked and the contents private," Samsung's official website reads.
Here's what Samsung said about the iris-recognition system hack:
"We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person's iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue."
This is not the first time the CCC has hacked into biometric systems. In late 2014, the group recreated an accurate thumbprint of Germany's federal minister of defense using a standard photo, a copy that could fool any fingerprint security system. The group also claimed that the same technique could be used to fool iris biometric security systems.
In March 2013, the CCC group managed to fool Apple's TouchID fingerprint authentication system.
So, it is a good reminder for people to always stick to a strong passcode and device encryption to secure their devices, instead of relying on biometric features, like fingerprint scan, iris scan, or facial recognition, that can eventually be broken by a determined hacker.