Influential Hackers Fool Samsung S8's Eye Scanner With Photos And Contacts

Influential Hackers Fool Samsung S8's Eye Scanner With Photos And Contacts

One of Samsung's most popular smartphones can't tell the difference between a real human eye, a contact lens, or a photograph.

The particular phone in question is the Galaxy S8 and this interesting news comes from none other than Europe's Chaos Computer Club (CCC). Technicians at CCC discovered serious defects in the Galaxy S8's eye scanner after extensive testing and they just posted their results online.

Owners of Galaxy S8 phones should already know that the device's eye scanner works by taking a detailed look at the iris. People who choose to use this feature can simply scan their eye to unlock their phone. This it touted by Samsung as an "airtight security" measure that makes it virtually impossible for criminals to unlock a person's phone.

In order to test this device, workers took a brand new Galaxy S8 and had a volunteer scan his eye into the iris scanner. Once the iris scanner was all set with the volunteer's data, the CCC group took a photo of the volunteer's eyes on a digital camera using the infra-red night setting.

Once the photo was printed on high quality paper, the researchers put the photo in front of the eye scanner to see what would happen. Almost instantly, the phone unlocked after scanning the photographed representation of the person's eye.

In addition to testing out a picture of the volunteer's eyes, the people involved in this study took one of the volunteer's contact lenses and put it in front of the eye scanner. Amazingly, the phone unlocked after scanning the user's contact.

When asked for a response to this data, Samsung said it was aware of the issue. The company also said that their iris scanning technology went through extreme testing before the phone was released to the public.

In an official statement to the press, Samsung said, "If there is potential vulnerability…we will respond as quickly as possible to resolve the issue." No word yet on whether or not Samsung will be working on new eye detection technologies in the future.

Ken Munro, a security expert at Pen Test Partners, said he wasn't surprised by the results from this study. According to Munro, biometrics eye scanning hasn't been perfected yet in any device. The only way you can be "safe" using mobile iris scanners is to close your eyes all day long to prevent others from using a picture of your eye. But this strategy, of course, is just plain silly.

People who have a phone with eye scanning technology are advised to use the fingerprint option or a numbered passcode. Galaxy S8 users have the ability to choose either one of these options.

Samsung is one of the most influential multinationals in South Korea. Headquartered in Seoul, Lee Byung-chul founded Samsung in 1938. The company now sells consumer electronics all over the world.

CCC is one of Europe's largest communities of tech experts and hackers. The group was founded in 1981 and is headquartered in Berlin, Germany. Almost all of CCC's 5,500 members speak German as their first language.

Anyone interested in watching CCC's video can easily find it online. The full video title is called "Hacking the Samsung Galaxy S8 Irisscanner."

« Back to list