Hackers Trick Samsung Galaxy S8 Iris Recognition Using a Printed Photo and a Contact Lens

German hackers have successfully broken the iris recognition authentication in the Samsung Galaxy S8 using equipment that costs less than the price of the smartphone, according to Ars Technica.

Hackers with the Chaos Computer Club used a digital camera, a Samsung laser printer, and a contact lens to achieve the feat. The hack involved taking a picture of the phone owner's face, printing it out on paper, carefully placing the contact lens on the iris in the printout, and holding the image in front of the locked Galaxy S8.


The video shown above was posted by the hackers to demonstrate the process in action. The photo doesn't have to be a close-up shot, although using night-shot mode or removing the infrared filter helps, according to the hackers.

The hack comes despite the fact that both Samsung and Princeton Identity, the manufacturer of the authentication technology, say iris recognition provides "airtight security" that allows consumers to "finally trust that their phones are protected". Princeton Identity have also said the Samsung partnership "brings us one step closer to making iris recognition the standard for user authentication."

The Galaxy S8 is one of the first flagship phones to offer iris recognition as a convenient alternative to using a passcode or fingerprint, but the hackers said they suspect future mobile devices that offer iris recognition may be equally easy to hack. Apple is widely expected to include the feature alongside Touch ID and face recognition in this year's much-rumored OLED iPhone, although the possible origins of the technology remain unclear.

Apple has already trademarked "Iris Engine", presumably in relation to the upcoming feature, with its acquisition of companies such as Faceshift and PrimeSense lending credence to the suggestion that Apple is developing its own solution for the so-called "iPhone 8". One report has claimed that Taiwan-based supplier Xintec, an affiliate of Apple manufacturer TSMC, is mass-producing the iris recognition chips for Apple.

Samsung reportedly added a facial recognition capability to the Galaxy S8 because of doubts about the reliability of iris scanning on its own, but the security of the facial recognition itself came into question almost immediately, when a photo of a user's face was used to unlock a handset at the S8 launch event.

Related Forum: iPhone

Popular Stories

Glowtime Live Coverage Article 1

Apple Event Live Blog: iPhone 16, Apple Watch 10, and New AirPods!

Monday September 9, 2024 9:21 am PDT by
Apple's "It's Glowtime" event kicks off today at 10:00 a.m. Pacific Time, where we're expecting to see the iPhone 16 lineup and some updated Apple Watch and AirPods models unveiled, and perhaps some other announcements. Apple is providing a live video stream on its website, on YouTube, and in the company's TV app across various platforms. We will also be updating this article with live blog...
16 pro

Apple Announces iPhone 16 Pro and iPhone 16 Pro Max with Larger Displays, New Camera Control, and More

Monday September 9, 2024 11:13 am PDT by
Apple today announced the iPhone 16 Pro and iPhone 16 Pro Max—its latest flagship smartphones—featuring larger displays, an all-new Camera Control button, and the A18 Pro chip. The iPhone 16 Pro has a 6.3-inch display, while the iPhone 16 Pro Max features a 6.9-inch display—the biggest iPhone display ever. The borders around the display are the thinnest of any Apple device. The...
sonny iphone 16 pro colors

New iPhone 16 and iPhone 16 Pro Colors Revealed Ahead of Apple Event

Friday September 6, 2024 5:01 am PDT by
Apple is "shaking up its color palette" for its iPhone 16 lineup this year, according to well-connected Bloomberg reporter Mark Gurman. Early iPhone 16 Pro dummy models via Sonny Dickson According to Gurman, the iPhone 16 Pro models will come in a Gold Titanium to replace Blue Titanium, while the Black, White, and Natural Titanium options that debuted with the iPhone 15 Pro will remain...
iPhone 16 Pro Mock Article

How Much Will the iPhone 16 Cost?

Friday September 6, 2024 5:43 am PDT by
Apple's next-generation iPhone 16 series is expected to launch on September 20 and will compete in a quickly evolving smartphone market, and with some notable upgrades rumored, the new models could see price changes compared to previous years. Successive iPhone models always come with new features and hardware upgrades, but Apple typically does not increase the retail prices as a result....
AirPods Max New Colors 2024

Apple Updates AirPods Max With USB-C Port and New Colors

Monday September 9, 2024 10:36 am PDT by
Apple today announced that the AirPods Max are being updated with a USB-C charging port and new color options, including Midnight, Blue, Purple, Orange, and Starlight. In addition, Apple said the AirPods Max are gaining support for Personalized Spatial Audio with the upcoming iOS 18 software update. The updated AirPods Max will be available to pre-order for $549 starting today, and the...
sequoia

macOS Sequoia Release Likely to Be the Earliest in Years

Sunday September 8, 2024 2:14 am PDT by
macOS Sequoia will be one of the earliest new macOS launches in over a decade, likely releasing within as little as just a week. Internal Apple documentation obtained by MacRumors suggests that macOS 15.0 Sequoia will be officially released to the public by mid-September. The release dates of major macOS updates in recent years are listed below: OS X 10.9 (Mavericks) – October 22,...
Screenshot 2024 09 09 at 6

Apple Announces Thinner Apple Watch Series 10 With Bigger Screen Than Ultra

Monday September 9, 2024 10:11 am PDT by
Apple at its event today announced the Apple Watch Series 10, featuring a wide-angle OLED display that is larger than the Apple Watch Ultra, with the company describing it as the "biggest display and thinnest design ever." The Series 10 is 9.7mm thick, which is nearly 10% thinner than Series 9, and it weighs 20% less than the Stainless Steel Series 9. The Aluminum cases also weigh up to 10%...

Top Rated Comments

keysofanxiety Avatar
95 months ago
Ah that blog post from Princeton Identity...
In our daily lives, we almost always confirm the identity of the people who we know using a version of biometrics – we recognize the face, the body size and shape, and the voice of our friends, family and coworkers.
I can't help but imagine lots of people having conversations with cardboard cutouts of their coworkers and not knowing the difference.

They also tricked Touch ID btw
By replicating a fingerprint in identical detail, yes. It's like 'tricking' a door by creating the exact key which fits the lock. Samsung's door, on the other hand, would simply creak open by whistling into the lock like a Shaman Throat Warbler. :D
Score: 53 Votes (Like | Disagree)
Nik Avatar
95 months ago
They also tricked Touch ID btw. With a photograph + wax. For Samsung you need Photograph + Contact Lens. Not much different. Both systems are not secure.
Score: 32 Votes (Like | Disagree)
Zirel Avatar
95 months ago
Iris -> Siri
Both worthless. Who would have thought?
So worthless, that Apple received multiple awards for its use by disabled people...
Score: 26 Votes (Like | Disagree)
tdream Avatar
95 months ago
Samsung security is worthless because hackers found a way to steal a sample of your saliva, reengineer a perfect clone of you using stem cells and dna material left on your starbucks coffee cup. Now they've stolen your wife, family and kids, house, bank accounts, dog and collection of baseball cards.
Score: 22 Votes (Like | Disagree)
TheShadowKnows! Avatar
95 months ago
Iris -> Siri
Both worthless. Who would have thought?
Score: 16 Votes (Like | Disagree)
44267547 Avatar
95 months ago
So Samsungs gimmick feature got hacked,No doubt Finger print scanner is more secure than this iris scanner.
@Sunny1990. Actually, you're incorrect. Iris scanning is far more secure than a fingerprint scanner.

The iris is the colored pattern part of your eye. It is developed when you're approximately a year old or so. An eye injury or death, apparently never changes after the fact. Fingerprints can likely be duplicated one out of 50,000 as where Iris scanning is more similar to one out of 1 million. It uses infrared and a camera to detect the Iris.

Iris scanning is also expected to be 5/6 times more secure than a fingerprint and accurate in reading, because it contains more unique information about you and makes it highly more accurate/reliable than fingerprint scanning. Fingerprint scanning can be duplicated .

http://science.howstuffworks.com/biometrics4.htm

http://findbiometrics.com/solutions/iris-scanners-recognition/
Score: 16 Votes (Like | Disagree)