Latest in Security

Image credit:

The Galaxy S8 iris scanner can be hacked with aging tech

It only took a point-and-shoot camera, laser printer and contact lens.
Chris Ip, @chrisiptw
May 23, 2017
Share
Tweet
Share

Sponsored Links

Chaos Computer Club

Biometrics are becoming our next de facto security measure, and they're supposed to be a vast improvement on easily-forgotten and hackable passwords. Yet a point-and-shoot camera, laser printer and contact lens is all it took for German hacking group Chaos Computer Club to crack the Samsung Galaxy S8's iris scanner. "By far [the] most expensive part of the iris biometry hack was the purchase of the Galaxy S8," the group wrote on its website.

They pulled it off by taking a photo of the target from about five meters away, and printing a close-up of the eye on a laser printer — made by Samsung, no less. A regular contact lens was placed on top of the print to replicate the curve of an eyeball. When the print was held up to the smartphone, the S8 unlocked.

"The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot," said Dirk Engling, spokesperson for the group, which previously hacked the iPhone 5S fingerprint sensor using photos of a glass surface. "Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris."

Biometric security is taking off, particularly with the rise of mobile payments. Mastercard has rolled out "selfie pay" in Europe, while Australia has introduced facial recognition to replace passports in airports, and Chinese ride-share company Didi helps passengers verify their driver's identity using face scanning.

Sci-fi has told us that iris scans are so accurate you'd need to cut out someone's eyes to fool them. But the disappointing reality so far is that stuff a hacker could rummage for on Craigslist is probably good enough.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Apple’s first watchOS 7 public beta is now available

Apple’s first watchOS 7 public beta is now available

View
NVIDIA is teasing something big for August 31st

NVIDIA is teasing something big for August 31st

View
Watch AI-controlled virtual fighters take on an Air Force pilot on August 18th

Watch AI-controlled virtual fighters take on an Air Force pilot on August 18th

View
'Minecraft: Education Edition' is available on Chromebooks

'Minecraft: Education Edition' is available on Chromebooks

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr