Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Galaxy S8 Iris Scanner Fooled by a Picture and Contact Lens

May 25, 2017

The Internet is buzzing with a shocking discovery that the iris scanner authentication on the Galaxy S8 is so easy to bypass. Hackers with the Chaos Computer Club in Germany said they were able to bypass the iris scan with less than $725 worth of equipment. All that is required is a digital camera, a laser printer and a contact lens. The hack required taking a picture of the subject's face, printing it on paper, superimposing the contact lens, and holding the image in front of the locked Galaxy S8. "Iris recognition may protect a phone against complete strangers unlocking it, but whoever has a photo of the legitimate owner can trivially unlock the phone," said Chaos Computer Club (CCC) spokesperson Dirk Engling. Samsung responded to the news by releasing the following statement:

"We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person's iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue."

This shouldn't surprise anyone. It is well known that consumer grade biometrics are easy to bypass and are not very secure. The touch ID scanner on the iPhone has been compromised many times and there are similar hacks with Android fingerprints. According to Dirk Engling, "If you value the data on your phone – and possibly want to even use it for payment – using a traditional PIN is a safer approach." I'll take it a step further and state that an unlock password is even better than a PIN, which is limited to numbers only.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com

John W. Simek
Vice President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Your IT Consultant

Galaxy S8 Iris Scanner Fooled by a Picture and Contact Lens

Subscribe for More!

Popular Categories

Listen to the Podcast

Disclaimer