The Chaos Computer Club recently posted a video showing how they fooled the iris scanner on Samsung's new flagship phone. The group said that standard PIN systems are more secure.
The Samsung Galaxy S8's iris scanner, which unlocks the phone by scanner a user's eyes, can be easily fooled by hackers, the Chaos Computer Club (CCC) wrote in a blog post on Monday.
CCC member starbug demonstrated the method used to unlock the device in a short video posted on Tuesday. The iris scanner works with infrared light, so a picture is taken of the user's face using a digital camera in night mode.
The infrared picture of the user's eye is then printed out on a laser printer. A contact is placed over the eye and it can then be used to unlock the phone.
"Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it," the post said.
Being that the iris recognition can also be used with Samsung Pay, this means that hackers could steal money or make fraudulent purchases as well, the post said. Dirk Engling, spokesperson for the CCC, said that traditional methods may be more secure.
"If you value the data on your phone - and possibly want to even use it for payment - using the traditional PIN-protection is a safer approach than using body features for authentication," Engling said in the post.
While the Galaxy S8 is one of the first premium handsets to include iris recognition, the feature could come to many more phones in the future. Engling also noted in the release that a high-resolution picture from the internet could be sufficient to capture a proper iris. So a public social media profile could compromise a Samsung Galaxy S8 user if they were to lose their phone.
The iris scanner wasn't the only biometric security measure the CCC team was able to bypass. In 2013, the team said they were able to bypass Apple's Touch ID as well.
The 3 big takeaways for TechRepublic readers
- The Chaos Computer Club recently posted a video showing how they fooled the iris scanner on Samsung's new flagship phone.
- The club used a night-mode photo and a contact lens to fool the system and gain access to the device.
- The club said that the traditional PIN system for locking one's phone is a safer method than the iris scanner.
- Samsung Galaxy S8: The professional review (TechRepublic)
- Samsung's Galaxy S8 apps are better than the Google alternatives (ZDNet)
- Review: Samsung Galaxy S8 makes every other phone feel like a cinder block (TechRepublic)
- Samsung's Galaxy S8 does DeX: Is it a Chromebook challenger or virtual desktop play? (ZDNet)
- Information security policy template (Tech Pro Research)