Samsung Galaxy S8 Iris Scanner Tricked By Chaos Computer Club Hacker Group

German hackers have defeated the iris-recognition feature on Samsung’s Galaxy S8 smartphone, fooling the scanner with a dummy eye.

Members of the Chaos Computer Club hacker group posted a video demonstrating how they can create a fake eye that tricks the iris-recognition capabilities in Samsung’s latest smartphone into thinking it is seeing the actual eye of a registered user.

Samsung iris scanner hack

To bypass the feature, which is designed to offer a secure way of accessing the Galaxy S8 without using a fingerprint scanner or password, the hackers first took a photo of the registered user’s face at medium distance using a digital camera.

From there they printed out an image zoomed into the smartphone user’s eye, somewhat ironically using a Samsung laser printer.

With the image on a sheet of paper, the hackers then put a contact lens over the iris of the printed eye picture to simulate the curvature of an eye.

When the dummy eye was held up to the front-facing camera of a locked Galaxy S8, the Android smartphone unlocked, having been tricked into thinking the fake eye was that of its user.

The hackers noted that images could be taken from social media and used to create a dummy eye in the same fashion.

To carry out the hack, one would need access to a user’s phone and a picture of them in which the owner’s eye can be zoomed into at a certain resolution.

As such, the hack may not be the most practical for phone thieves, as they would either have to stealthily snap a picture of the owner or be aware of their identity enough to track pictures of them down.

Chaos Computer Club did note that clear pictures of irises can be achieved with cameras in night-shooting modes,

In a statement sent to Silicon, a Samsung spokesperson noted that the company has developed its iris scanner to be as robust as possible and that it will look into any highlighted vulnerabilities.

“We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue,” the spokesperson said.

However, the hack does highlight that various biometric security features are not as robust as their creators might like.

“If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication,” said Dirk Engling, a spokesperson for the Chaos Computer Club.

We would argue that savvy phone thieves could likely snatch a glance at a person entering a PIN more easily than they could create a dummy eye.

But with fingerprint scanners also unable to offer infallible phone security, it would appear that the best bet for securing your phone is not to put your faith completely in any one security option, and to make sure your handset remains close to your person when in public areas and out of easy view and reach of potential thieves.

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.
