Latest in Security

Image credit: Chaos Computer Club

The Galaxy S8 iris scanner can be hacked with aging tech

It only took a point-and-shoot camera, laser printer and contact lens.
1293 Shares
Share
Tweet
Share
Save

Sponsored Links

Chaos Computer Club

Biometrics are becoming our next de facto security measure, and they're supposed to be a vast improvement on easily-forgotten and hackable passwords. Yet a point-and-shoot camera, laser printer and contact lens is all it took for German hacking group Chaos Computer Club to crack the Samsung Galaxy S8's iris scanner. "By far [the] most expensive part of the iris biometry hack was the purchase of the Galaxy S8," the group wrote on its website.

They pulled it off by taking a photo of the target from about five meters away, and printing a close-up of the eye on a laser printer — made by Samsung, no less. A regular contact lens was placed on top of the print to replicate the curve of an eyeball. When the print was held up to the smartphone, the S8 unlocked.

"The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot," said Dirk Engling, spokesperson for the group, which previously hacked the iPhone 5S fingerprint sensor using photos of a glass surface. "Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris."

Biometric security is taking off, particularly with the rise of mobile payments. Mastercard has rolled out "selfie pay" in Europe, while Australia has introduced facial recognition to replace passports in airports, and Chinese ride-share company Didi helps passengers verify their driver's identity using face scanning.

Sci-fi has told us that iris scans are so accurate you'd need to cut out someone's eyes to fool them. But the disappointing reality so far is that stuff a hacker could rummage for on Craigslist is probably good enough.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1293 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
Google and Mozilla to block web surveillance in Kazakhstan

Google and Mozilla to block web surveillance in Kazakhstan

View
'Saturday Night Live' is coming to UK screens in early 2020

'Saturday Night Live' is coming to UK screens in early 2020

View
Watch and listen to THX's new Deep Note trailer with spatial 3D audio

Watch and listen to THX's new Deep Note trailer with spatial 3D audio

View
Facebook loses Oculus executive who led its mobile VR efforts

Facebook loses Oculus executive who led its mobile VR efforts

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr