The iris- recognition in Samsung’s new Galaxy S8 has been defeated by German hackers, less than one month after releasing over the world. The Chaos Computer club, formed in Berlin in 1989, posted a video showing the security feature being fooled by a fake eye into thinking that being unlock by the a legitimate owner.
The fake eye, which is made using just a printed and a contact lens to match the curvature of the eye, can be created using picture of the owner’s eye taken from the social media.
“The security risk to the user from iris recognition is even bigger than with fingerprints, as we expose our irises a lot,” said the group’s spokesperson, Dirk Engling. “If you value the data on your phone – and possibly want to even use it for payment – using the traditional pin-protection is a safer approach than using body features for authentication.” This hack is even simpler and could be pulled off just a photo taken from Facebook, a conventional laser printer and a contact lens.
Samsung’s iris-scanner is considered one of the highest security features to keep your data safe, because “the details of your iris are unique and impossible to copy.”
However, the CCC’s proofs show that the iris-security method, or earlier fingerprint sensor, can completely be overtaken. It not only exposes information on the user’s device, but can also be used to conduct online transactions as multiple parties have supported biometric authentication. Experts say security with a PIN or password seems to be a safer method.