Latest in Security

Image credit:

The Galaxy S8 iris scanner can be hacked with aging tech

It only took a point-and-shoot camera, laser printer and contact lens.
Chris Ip, @chrisiptw
May 23, 2017
Share
Tweet
Share

Sponsored Links

Chaos Computer Club

Biometrics are becoming our next de facto security measure, and they're supposed to be a vast improvement on easily-forgotten and hackable passwords. Yet a point-and-shoot camera, laser printer and contact lens is all it took for German hacking group Chaos Computer Club to crack the Samsung Galaxy S8's iris scanner. "By far [the] most expensive part of the iris biometry hack was the purchase of the Galaxy S8," the group wrote on its website.

They pulled it off by taking a photo of the target from about five meters away, and printing a close-up of the eye on a laser printer — made by Samsung, no less. A regular contact lens was placed on top of the print to replicate the curve of an eyeball. When the print was held up to the smartphone, the S8 unlocked.

"The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot," said Dirk Engling, spokesperson for the group, which previously hacked the iPhone 5S fingerprint sensor using photos of a glass surface. "Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris."

Biometric security is taking off, particularly with the rise of mobile payments. Mastercard has rolled out "selfie pay" in Europe, while Australia has introduced facial recognition to replace passports in airports, and Chinese ride-share company Didi helps passengers verify their driver's identity using face scanning.

Sci-fi has told us that iris scans are so accurate you'd need to cut out someone's eyes to fool them. But the disappointing reality so far is that stuff a hacker could rummage for on Craigslist is probably good enough.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Someone bought the new Chromecast and told Reddit all about it

Someone bought the new Chromecast and told Reddit all about it

View
Here's everything Amazon announced at its big hardware event

Here's everything Amazon announced at its big hardware event

View
The best wireless workout headphones

The best wireless workout headphones

View
Watch Amazon's entire new hardware event right here

Watch Amazon's entire new hardware event right here

View
Google Chrome will warn you if your logins have been stolen

Google Chrome will warn you if your logins have been stolen

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr