Samsung Galaxy S8’ iris scanner hacked using contact lens and photo

After the breach of HSBC’s voice-recognition system, Samsung Galaxy S8 has been the next target with its iris scanner that has been claimed to be superior to the traditional password system to access one’s digital devices.

Chaos Computer Club proves that the iris scanner is no good: a group of hackers at the Chaos Computer Club from Germany put the latest iris scanner on Samsung Galaxy S8 to test. The scanner, as you may already know, is a lock system that lets a user lock and unlocks one’s phone by simply staring at it and getting one’s irises scanned so as to verify one’s identity. Such biometric technology has seemingly taken over the conventional password systems that are now perceived to be outdated and less secure.

Ironically, the hackers at the Chaos Computer Club were able to fool the iris scanner with just a laser print of a person’s photograph with lenses on its eyes. Essentially, the hackers took a photo with their camera focusing on the eyes and took out a laser print of the photo.

They then placed contact lenses on the eye and brought the iris scanner in front of the picture.

Voila! The scanner verified the identity and was easily unlocked. According to the hacker, the most expensive thing involved in breaking past the iris verification process was to get the original Samsung S8. Also, the laser print was taken out of Samsung’s premium laser printer.

Iris scanners are more dangerous than other biometrics: According to one of the spokesperson of Chaos Computer, Dirk Engling, the iris scanner is much more vulnerable to breaches than fingerprints scanners since irises are always exposed. There is no way to hide them, and as such, they can easily be replicated.

This is in stark contrast to what the majority believes about iris scanners, which is that a person’s eye has to be cut out in order to break the verification system. Furthermore, Engling stated that a simple high-resolution picture is sufficed to break the system with pictures being easily available on the internet.

The rise of biometrics and impending dangers: Unfortunately, despite the dangers, biometrics are overtaking the traditional password systems as evidenced by the recent launch of “selfie pay” by MasterCard and the more common face recognition system introduced in Australia, to replace the traditional passport verification process. Although these systems sound hi-tech and more secure, the reality, however, is clearly the opposite.

Source: Chaos Computer Club | Image Credit: Shutterstock/By Crystal Eye Studio

DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

Related Posts