German hackers have successfully broken the iris recognition authentication in the Samsung Galaxy S8 using equipment that costs less than the price of the smartphone, according to Ars Technica.
Hackers with the Chaos Computer Club used a digital camera, a Samsung laser printer, and a contact lens to achieve the feat. The hack involved taking a picture of the phone owner's face, printing it out on paper, carefully placing the contact lens on the iris in the printout, and holding the image in front of the locked Galaxy S8.
The hackers posted a video to demonstrate the process in action. The photo doesn't have to be a close-up shot, although using night-shot mode or removing the infrared filter helps, according to the hackers.
The hack comes despite the fact that both Samsung and Princeton Identity, the manufacturer of the authentication technology, say iris recognition provides "airtight security" that allows consumers to "finally trust that their phones are protected". Princeton Identity has also said the Samsung partnership "brings us one step closer to making iris recognition the standard for user authentication."
The Galaxy S8 is one of the first flagship phones to offer iris recognition as a convenient alternative to using a passcode or fingerprint, but the hackers said they suspect future mobile devices that offer iris recognition may be equally easy to hack. Apple is widely expected to include the feature alongside Touch ID and face recognition in this year's much-rumored OLED iPhone, although the possible origins of the technology remain unclear.
Apple has already trademarked "Iris Engine", presumably in relation to the upcoming feature, with its acquisition of companies such as Faceshift lending credence to the suggestion that Apple is developing its own solution for the so-called "iPhone 8". One report has claimed that Taiwan-based supplier Xintec, an affiliate of Apple manufacturer TSMC, is mass-producing the iris recognition chips.
Samsung reportedly added a facial recognition capability to the Galaxy S8 because of doubts about the reliability of iris scanning on its own, but the security of the facial recognition itself came into question almost immediately, when a photo of a user's face was used to unlock a handset at the S8 launch event.