Hackers Trick Samsung Galaxy S8 Iris Recognition Using a Printed Photo and a Contact Lens

by

German hackers have successfully broken the iris recognition authentication in the Samsung Galaxy S8 using equipment that costs less than the price of the smartphone, according to Ars Technica.

Hackers with the Chaos Computer Club used a digital camera, a Samsung laser printer, and a contact lens to achieve the feat. The hack involved taking a picture of the phone owner's face, printing it out on paper, carefully placing the contact lens on the iris in the printout, and holding the image in front of the locked Galaxy S8.


The video shown above was posted by the hackers to demonstrate the process in action. The photo doesn't have to be a close-up shot, although using night-shot mode or removing the infrared filter helps, according to the hackers.

The hack comes despite the fact that both Samsung and Princeton Identity, the manufacturer of the authentication technology, say iris recognition provides "airtight security" that allows consumers to "finally trust that their phones are protected". Princeton Identity have also said the Samsung partnership "brings us one step closer to making iris recognition the standard for user authentication."

The Galaxy S8 is one of the first flagship phones to offer iris recognition as a convenient alternative to using a passcode or fingerprint, but the hackers said they suspect future mobile devices that offer iris recognition may be equally easy to hack. Apple is widely expected to include the feature alongside Touch ID and face recognition in this year's much-rumored OLED iPhone, although the possible origins of the technology remain unclear.

Apple has already trademarked "Iris Engine", presumably in relation to the upcoming feature, with its acquisition of companies such as Faceshift and PrimeSense lending credence to the suggestion that Apple is developing its own solution for the so-called "iPhone 8". One report has claimed that Taiwan-based supplier Xintec, an affiliate of Apple manufacturer TSMC, is mass-producing the iris recognition chips for Apple.

Samsung reportedly added a facial recognition capability to the Galaxy S8 because of doubts about the reliability of iris scanning on its own, but the security of the facial recognition itself came into question almost immediately, when a photo of a user's face was used to unlock a handset at the S8 launch event.

Tags: Security, Iris Scanner, Galaxy S8
Related Forum: iPhone

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Production Will Reportedly Begin Ramping Up in October

Tuesday July 23, 2024 2:00 pm PDT by
Following nearly two years of rumors about a fourth-generation iPhone SE, The Information today reported that Apple suppliers are finally planning to begin ramping up mass production of the device in October of this year. If accurate, that timeframe would mean that the next iPhone SE would not be announced alongside the iPhone 16 series in September, as expected. Instead, the report...
Read Full Article68 comments
iPhone 17 Plus Feature

iPhone 17 Lineup Specs Detail Display Upgrade and New High-End Model

Monday July 22, 2024 4:33 am PDT by
Key details about the overall specifications of the iPhone 17 lineup have been shared by the leaker known as "Ice Universe," clarifying several important aspects of next year's devices. Reports in recent months have converged in agreement that Apple will discontinue the "Plus" iPhone model in 2025 while introducing an all-new iPhone 17 "Slim" model as an even more high-end option sitting...
Read Full Article160 comments
Generic iPhone 17 Feature With Full Width Dynamic Island

Kuo: Ultra-Thin iPhone 17 to Feature A19 Chip, Single Rear Camera, Semi-Titanium Frame, and More

Wednesday July 24, 2024 9:06 am PDT by
Apple supply chain analyst Ming-Chi Kuo today shared alleged specifications for a new ultra-thin iPhone 17 model rumored to launch next year. Kuo expects the device to be equipped with a 6.6-inch display with a current-size Dynamic Island, a standard A19 chip rather than an A19 Pro chip, a single rear camera, and an Apple-designed 5G chip. He also expects the device to have a...
Read Full Article162 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Less Than Two Months Away: Everything We Know

Thursday July 25, 2024 5:43 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article130 comments
icloud private relay outage

iCloud Private Relay Experiencing Outage

Thursday July 25, 2024 3:18 pm PDT by
Apple’s iCloud Private Relay service is down for some users, according to Apple’s System Status page. Apple says that the iCloud Private Relay service may be slow or unavailable. The outage started at 2:34 p.m. Eastern Time, but it does not appear to be affecting all iCloud users. Some impacted users are unable to browse the web without turning iCloud Private Relay off, while others are...
Read Full Article81 comments

Top Rated Comments

keysofanxiety Avatar
keysofanxiety
94 months ago
Ah that blog post from Princeton Identity...
In our daily lives, we almost always confirm the identity of the people who we know using a version of biometrics – we recognize the face, the body size and shape, and the voice of our friends, family and coworkers.
I can't help but imagine lots of people having conversations with cardboard cutouts of their coworkers and not knowing the difference.

They also tricked Touch ID btw
By replicating a fingerprint in identical detail, yes. It's like 'tricking' a door by creating the exact key which fits the lock. Samsung's door, on the other hand, would simply creak open by whistling into the lock like a Shaman Throat Warbler. :D
Score: 53 Votes (Like | Disagree)
Nik Avatar
Nik
94 months ago
They also tricked Touch ID btw. With a photograph + wax. For Samsung you need Photograph + Contact Lens. Not much different. Both systems are not secure.
Score: 32 Votes (Like | Disagree)
Zirel Avatar
Zirel
94 months ago
Iris -> Siri
Both worthless. Who would have thought?
So worthless, that Apple received multiple awards for its use by disabled people...
Score: 26 Votes (Like | Disagree)
tdream Avatar
tdream
94 months ago
Samsung security is worthless because hackers found a way to steal a sample of your saliva, reengineer a perfect clone of you using stem cells and dna material left on your starbucks coffee cup. Now they've stolen your wife, family and kids, house, bank accounts, dog and collection of baseball cards.
Score: 22 Votes (Like | Disagree)
TheShadowKnows! Avatar
TheShadowKnows!
94 months ago
Iris -> Siri
Both worthless. Who would have thought?
Score: 16 Votes (Like | Disagree)
44267547 Avatar
44267547
94 months ago
So Samsungs gimmick feature got hacked,No doubt Finger print scanner is more secure than this iris scanner.
@Sunny1990. Actually, you're incorrect. Iris scanning is far more secure than a fingerprint scanner.

The iris is the colored pattern part of your eye. It is developed when you're approximately a year old or so. An eye injury or death, apparently never changes after the fact. Fingerprints can likely be duplicated one out of 50,000 as where Iris scanning is more similar to one out of 1 million. It uses infrared and a camera to detect the Iris.

Iris scanning is also expected to be 5/6 times more secure than a fingerprint and accurate in reading, because it contains more unique information about you and makes it highly more accurate/reliable than fingerprint scanning. Fingerprint scanning can be duplicated .

http://science.howstuffworks.com/biometrics4.htm

http://findbiometrics.com/solutions/iris-scanners-recognition/
Score: 16 Votes (Like | Disagree)
Read All Comments