Galaxy S8 Iris Scanner Hacked with Camera and Contact Lens

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
This week, a group of hackers called the Chaos Computer Club demonstrated a method for bypassing the Galaxy S8’s Iris Scanner: a printed photo of a user’s eye (taken with an infrared camera) could be combined with a contact lens to unlock the device. Samsung was quick to take notice and have already downplayed the finding by suggesting that it would be pretty difficult for someone to get a high-resolution photo of your iris. I guess they are right, but it is still amusing to see modern biometrics getting cracked.

“We were aware of the report, but would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent against attempts to compromise its security, such as images of a person’s iris,” Samsung says in a statement sent to NFC World. “The reporter’s claims could only have been made under a rare combination of circumstances. It would require the unlikely situation of having possession of the high-resolution image of the smartphone owner’s iris with IR camera, a contact lens and possession of the smartphone at the same time.”
 
Sure. Granted, if they're stealing your phone and strapping you down and holding your eye open while taking a picture of your iris with an infrared camera ... why aren't they just using your actual eye to unlock the phone? And, I think you have bigger issues if all that is taking place.
 
Am I the only one who came here to object to the term "hacked"? Isn't this more of a bypass than a hack?
 
The major problem I see with biometrics is once that information is out its out for good. You can't change your finger prints or your retina.
 
The major problem I see with biometrics is once that information is out its out for good. You can't change your finger prints or your retina.
...And if the government / totally-not-evil corporation has backdoors into devices with biometrics...
 
Yeah cheap biometrics are easily fooled because they just are picture recognition programs when you get down to it.

The half decent ones use your blood vessels in your hands or actual retinal scans which are the blood vessels in your eyes not just the picture of your iris something not as simple as taking a good picture of a person, well you'd need specialized camera to do it.

Ease of use always comes out the sake of security.
 
Back
Top