The iris recognition feature on the Samsung Galaxy S8 can be easily bypassed using “basic tools”, security researchers in Germany have discovered.
First unveiled back in March, the Galaxy S8 is Samsung’s latest flagship smartphone as was launched as the comeback phone following the disastrous Galaxy Note 7, which was found to be fire prone.
The Galaxy S8 is perhaps best known for its infinity display which takes up nearly the whole of the front of the smartphone.
However, its other key feature is its iris recognition technology, which lets owners unlock the phone by looking at it, allowing the S8 to scan the unique patterns contained with the iris.
However, security researchers in Germany have discovered the new iris scanner isn’t nearly as secure as one might expect.
The researchers, who are part of Chaos Computer Club, the largest hacking collective in Europe are seen more as hacktivists rather than cyber criminals.
In 2015, the same group showed how an iPhone could be accessed by tricking the Touch ID fingerprint system.
Now the group say they fooled the S8’s iris recognition system by using a standard digital camera that was set to shoot in night mode. They then took a photo of the victim from a few metres away. The image was then printed using a laser printer and contact lens placed over the printed photograph.
When held up to the Galaxy S8, the phone recognised the image as the eye of the person registered to the phone and unlocked it, the Guardian reported.
“The security risk to the user from iris recognition is even bigger than with fingerprints, as we expose our irises a lot, CCC’s spokesperson Dirk Engling told The Guardian.
“If you value the data on your phone – and possibly want to even use it for payment – using the traditional pin-protection is a safer approach than using body features for authentication.”
The group posted a video of the hack taking place, in which the iris recognition feature looks incredibly easy to fool.
On the security page of its website, Samsung says: “the patterns in your irises are unique to you and are virtually impossible to replicate, meaning iris authentication is one of the safest ways to keep your phone locked and the contents private”.
Jonathan is our Google Nexus and Android enthusiast. He is also fanatical about football which makes it all the more strange that he should support Stockport County. In addition to writing about tech, Jonathan has a passion for fitness and nutrition and has previously written for one the UK’s leading watch and horology websites.