
Hackers run circles around Samsung's iris scanner security

24 May 17

Hackers have shown that no phone security is unbreakable, it seems.

Researchers at the Chaos Computer Club claim to have bypassed the iris scanner on Samsung's newest flagship phone, the Samsung Galaxy S8. How did they do it? It wasn't exactly the kind of hacking you see in the Fast and Furious franchise. Using a simple photo of a person's iris and an ordinary contact lens, they cruised right through Samsung's hyped-up biosecurity system.

Samsung's "airtight" (according to them) iris scanner is included on the Galaxy S8 as an alternative form of biometric security in addition to the built-in fingerprint sensor.

Galaxy S8 users can choose to set up the iris scanner, which is more secure than the facial recognition system, to unlock the phone or authenticate Samsung Pay mobile payments.

The most significant advantage to using an iris scanner compared to face recognition is that ordinary photos normally can't fool it. An ordinary photo doesn't contain the unique patterns in a person's eyes that can only be detected with an infrared sensor.

The hackers used a "good digital camera with 200mm-lens at a distance of up to five meters" to take a photo of a person's eye. The camera was switched to its "night mode" in order to capture the unique patterns of the iris.

The image of the iris was then printed on a Samsung laser printer (no, seriously) and a contact lens was placed on top to give it depth.

The hackers registered a person's iris on the S8 and then tested the fake iris. It obviously worked, and the security system was easily duped.

While simple, the hacking required some trial and error.

Chaos Computer Club’s Jan Krissler says they tested three printers, printing five to ten variations per printer, before they got a positive with a Samsung laser printer. The printout of the iris worked out to "80 pixel iris diameter."

"The Samsung model was a standard consumer product, around 250 Euro. We tested multiple prints on multiple kinds of paper. All of them worked. It worked instantly after we found the working printer," he says.

There isn’t much cause for alarm, as the probability of this happening to a Galaxy S8 user is very low. I can’t imagine that many people have photos of their eyes, captured in night mode, chilling on social media or on other publicly available sites.

Samsung commented on the hack.

"We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue."
