Even before the Samsung Galaxy S8 was officially launched, hackers found a way to bypass its facial recognition system. Now, hackers of the Chaos Computer Club in Germany have managed to fool the iris recognition system on Samsung’s latest flagship as well.
Fooling the facial recognition on the Galaxy S8 was not a big deal since it was proved before as well that it could be easily fooled. Even Samsung knew that the facial recognition was not safe enough which is why it never used it for authorising Samsung Pay transactions.
However, Samsung says that the iris scanner is one of the safest ways to keep the Galaxy S8 locked since every individual has a unique iris. The company even uses the iris scanner for authorisation purposes in Samsung Pay.
To fool the iris scanner, the hacker first obtained a high-quality photo of the iris of the individual using a 200mm lens from a distance of up to five meters. Then, depending on if any adjustment to the contrast or brightness, the photos is printed following which a contact lens is placed on top of it. This way, the photo now mimics a real eye and when placed in front of the iris scanner of the Galaxy S8, the device automatically unlocked itself.
The easiest way for a thief to capture iris pictures is with a digital camera in night-shot mode or the infrared filter removed. In the infrared light spectrum – usually filtered in cameras – the fine, normally hard to distinguish details of the iris of dark eyes are well recognizable. Starbug was able to demonstrate that a good digital camera with 200mm-lens at a distance of up to five meters is sufficient to capture suitably good pictures to fool iris recognition systems.
By far, the most expensive thing in the process was to get hands on the Galaxy S8, with almost everyone having the ability to gain access to a digital camera and contact lens easily. Compared to fooling the fingerprint scanner, the process of bypassing the iris scanner on the Galaxy S8 certainly seems easier.