Samsung Galaxy S8 Iris Scanner Hacked In Three Simple Steps

4 years, 6 months ago - May 25, 2017
Samsung Galaxy S8 Iris scanner

Samsung Galaxy S8 Iris scanner

A video showing how to defeat Samsung's iris scanner has appeared online. It seems almost implausible that this would be enough to get around security that Samsung claims is 100 times more secure than fingerprints.

However the video is quite clear about the method used, and there's enough stuff within that either shows amazing attention to detail for trolls, or a legitimate way to fool the S8's iris scanner.

The exploit uses the following components. First of all you need a camera that can capture infrared light. In the video an old Sony camera is used, these models had a nightshot mode that allowed you to capture images using the same sort of tech as night vision goggles. Once you've got a good photo of the user's eyes, you can then print that out using a laser printer. In the video they use a Samsung printer, which feels like rubbing salt in the wound somewhat.

The printout needs to be a specific size because the next step requires you place a contact lens over the image. According to the group that discovered this workaround, this gives the iris scanner the curvature it's expecting from a real eye, while you present it with a flat, 2D image.

I don't currently have the equipment needed to duplicate this process, so I can't confirm if it works as suggested. Naturally, I asked Samsung if it could take a look at the video and either confirm that it was a hoax, or look into the matter and get back to me. A spokesperson replied:

"We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue."

That doesn't exactly suggest that the video is a hoax. It may also suggest that Samsung will be able to make changes to the software that might make this harder to use in future.

So what then? Well, obviously the security of both iris scans and fingerprints can be circumvented. In reality, for most people, it's not an issue. You don't tend to let others near your phone unattended so they would be unlikely to break in. Secondly, you might be suspicious about someone taking a photo with an ageing Sony camera

That said quite a lot of cameras can be modified to have their IR filter removed. This might not be entirely obvious to the person having their photo taken. So if someone has a good IR photo of you and access to your phone then they may well be able to get in. This doesn't mean that your phone is unprotected from the sort of casual unauthorised access we are all most worried about.

If security is important, the best advice is always to stick with a good passcode on your phone and device encryption. For most of us the risks are low enough here to ignore the problem. That might, or might not be wise but biometrics do at least offer some form of security that's low impact and reasonably secure.

 

Text by Forbes

We also recommend

Tags Cloud
2010accidentsadvertisingAfrAsiaafricaagroAir Franceair mauritiusAirlinesairportairway coffeeAlvaro SobrinhoamazonAmeenah Gurib-FakimAMLandroidApollo Bramwellappleappointmentsappsarrestasiaauditaudit reportaustraliaaviationawardsBABagatelleBAIBangladeshbankbanksbarclaysbeachbeachesBeau Bassin-Rose HillbetamaxBOIboko haramBollywoodBOMbombingbpmlBPOBramer BankbrazilbrexitbudgetBusinessCanadacanecareercareer tipscasinoCCIDCCMCEBcementChagosCHCchinaCIELcigarettesconferenceConfinementCongoconstructioncontestCoronaviruscorruptionCourtCourtscouvre-feuCOVID-19CPBCPEcreativitycrisiscruise shipsCSOCT PowerCultureCurepipecustomerscustomsCWAcyclonedamDawood RawatDBMdeficitdenguedevelopmentdoctorsDomaine les PaillesDPPdrug traffickingdrugsDTAADuty FreeearthquakeebolaecoécoleseconomyEducationEgyptelectionselectoral reformelectricityEmiratesEmtelenergyENLentrepreneurshipEUEuropeeventsexamexamsexpoexportfacebookfairfarmersfeeFIFA World CupfinancefinancesFirefishfishingFlacqFlic-en-FlacFloodsfoodFootballforecastforeign workersFrancefraudfruitsFSCfuelfunnyGAARgamblinggamesgazaGermanygooglegovernmentGRAgreengreen energyhackershajjhawkershealthhealthcareHeritage Cityhistoryholidayshorse racingHospitalhotelhotel businesshotelshow toHRHRDCHSBCHSCIBLICACICTICTAID cardillegal fishingIMFimportindiaIndian OceanIndonesiainflationinfrastructureinnovationsinsuranceinternetInterviewinterview tipsinvestmentinvestmentsiosiPadiphoneiraniraqIRSISISisraelITItalyjapanJin FeijobjobsjournalismKenyalandlawlawslayoffsleadershipLepeploanslocal governmentLockdownlotteryLRTLufthansaMadagascarmalaysiamalaysia airlinesmanagementmanagement tipsmanufacturingmarketmarketingmarketsMauBankMauritiansmauritiusMBCMCBMCCImeccaMedical CouncilmedicamentsmedicineMedPointmeetingMEFMESMetro ExpressMEXAMicrosoftMIDMIEmigrationminimum salaryminimum wagemlMMMmoneymoney launderingmotivationmoviesMozambiqueMPAMPCMPCBMRAMSCMSMMTMTCMTPAMusicMV BenitaNandanee SoornackNarendra ModinatureNavin RamgoolamNavind KistnahNCBNDUnetworkingNew Mauritius HotelsNHDCNigeriaNobel Prizenorth koreaNTCNWCCofficialsoffshoreoilOlympic GamesOmnicaneorangeOUMPakistanpalestineparliamentPaul BérengerPhilippinesPhoenix Beveragespicture of the daypiracyplagePMPMOpmsdPNQpolicepoliticsportPort LouisPort-LouisPravind JugnauthPRBpricepricesproblemprostitutionprotestspsacPSCpsychologyPTRpublic servicequatre-bornesrainsRakesh Gooljauryratingsreal estatereformsrepo rateRESrestaurantsresultresultsReunionriceroadsRoches-Noires caseRodriguesRogersRose-HillRoshi BhadainRussiaSAJsalariessalarysalessamsungsaudi arabiasbmSCscamscandalscholarshipsSchoolschoolssciencesecuritySeychellessharksshootingshoppingshopping mallSICsicomsingaporeSITskillssmart citysmartphonesSMeSMEDASobrinho casesocial mediasocial networks & messengerssolar energysouthsouth africasouth koreasportSportsstartupsstatisticsstatsSTCstrategystreet vendorsstrikestudysuccesssugarSun Tan caseSunkai casesyriaTAtabletsTanzaniataxtax heaventaxesteaTECtechnologytelecomterrorismtextilethailandthefttime managementtipstourismtradingtrainingstransporttrendstunaTurfTurkeyTVtyphoonukukraineunemploymentunionsuniversityuomUSUTMvacanciesVacoas Popular Multipurpose Cooperative SocietyVacoas-Phoenixvarma casevegetablesVideo of the DayvisaVishnu LutchmeenaraidooWaterWaterparkWeatherWhitedot Casewi-fiWMAWorld BankXavier-Luc DuvalYEPzimbabwe