A German hacker group called the Chaos Computer Club (CCC) released a video showing how easy it is to fool the Galaxy S8’s iris scanner.
The CCC was able to use everyday items like a camera, a regular printer, and contact lenses to unlock a Galaxy S8 using its iris scanner, which is an alternative to the fingerprint sensor.
Back in April, the company behind the Galaxy S8’s iris scanning technology claimed it was safer than the FBI’s fingerprinting technology. While that may be true, it’s still not secure enough to deter a determined thief or hacker.
I’ve contacted Samsung about the trick, but haven’t yet received any comment or official statement.
See how the CCC did it:
According to the CCC, you simply need to take a picture of a Galaxy S8 owner’s face with a camera’s “night mode” activated.
As you can see from the screenshot above, as well as the video caption, you don’t need to be too close to take a picture for the hack.
For the hack to work, you need to take the picture using a camera’s “night mode” so that it uses the camera’s infrared flash.
Next, the CCC printed a zoomed-in image of the subject’s eye on a Samsung printer.
I should note that the image that’s being printed doesn’t appear to be from the same photo taken at the beginning of the video, or the previous screenshot above. With that in mind, it’s not clear whether a photo taken from a medium distance is actually sufficient for the trick.
Then, a member of the CCC placed a contact lens on the printed image of the subject’s eye.
It’s not clear from the video exactly why the CCC added the contact lens, but it’s presumably used to mimic the rounded curvature of an eye.