Fooling Galaxy S8's iris scanner deemed as "unrealistic" by Samsung


Bypassing the Galaxy S8/S8+'s iris scanner is not easy at all, according to Samsung. The tech giant issued a quick response to the recently-surfaced video of German research group Chaos Computer Club, which exposed a seemingly large security vulnerability in the company's latest flagships.

In said clip, a photo of the subject is taken using a camera's night mode or with the infrared filter removed, as this makes details of the iris (which are hard to distinguish otherwise) easily recognizable. Then, the photo is printed out, and a contact lens is placed above the printed iris to simulate a 3D object, which in turn bypasses the iris scanner on the S8.



Speaking to The Korea Herald, a Samsung spokesperson expressed their reservations about the hacking method, arguing that it's "difficult" for the whole scenario to unfold in real life:


It's understandable that Samsung is taking such a stance. The sheer effort and dedication required for the hack to be pulled off puts the vast majority of Galaxy S8 owners in the safe zone, Thus, iris scanning will most likely continue to be pitched as a reliable authentication method, even for the company's mobile payment service - Samsung Pay. 

However, the hard-line stance taken by the tech giant in front of Korean media on Thursday might fool some into thinking that the vulnerability won't be addressed. This is not the case, as the initial statement from Samsung (issued on the same day on which the video surfaced) assured that the firm will try to resolve the security hole as soon as possible:


FEATURED VIDEO

72 Comments

1. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

A flaw is a flaw. Fight me.

5. umaru-chan

Posts: 358; Member since: Apr 27, 2017

No need to fight. Instead of turning a blind eye to it Samsung should admit that that iris scanner is flawed. I'll even argue that their fingerprint placement is also a total failure. Samsung should address this problem not denying or turn blind eye to it.

8. maherk

Posts: 6876; Member since: Feb 10, 2012

Tell me a few scenarios where you could see someone using this veryyy simple technique to unlock an S8. Every gadget on this planet is hackable, including modern cars, and companies acknowledge that, but they do their best to ensure that hacking into their products will be a very, very tough and complicated procedure, and that's what Samsung did. Btw, copying someone's fingerprint and using it to unlick someone's phone is simpler than this, where is the uproar of the people criticizing the iris scanning technology?

10. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

Very well said maherk. Prepare for passionate Samsung haters to label you a blind sammy fanboy.

36. maherk

Posts: 6876; Member since: Feb 10, 2012

I've been called a Samsung fanboy and a Samsung hater, and I'm used to it by now, I don't take those trolls seriously.

37. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

Same here, been called Samsung fanboy last week, Sony fanboy a few days ago, Apple fanboy a few minutes ago. I don't know what's next, maybe Huawei? LOL

20. darkkjedii

Posts: 31034; Member since: Feb 05, 2011

Good post Maher.

24. piyath

Posts: 2445; Member since: Mar 23, 2012

Fail is a fail baby... LOL Samsung is a fail....!!!

29. Phonehex

Posts: 763; Member since: Feb 16, 2016

HAHA , Beggar Piyath , go play your iPhone 6. You cant afford the S8 anyway. Keep feeling happy about any negatives written by iPhonearena. and also try feeling yourself since no girl would have felt you up anyway in forever !! Piyaath. Hahahahahaha. HAHAHAHAHAHAHAHAHA

38. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

"Fail is a fail baby" I'm guessing this is what your parents say about you.

58. Sammy_DEVIL737

Posts: 1529; Member since: Nov 28, 2016

Hahahaahaha

57. Sammy_DEVIL737

Posts: 1529; Member since: Nov 28, 2016

Piyath u r not just a "Sheeple" u r true "iSheeple".

27. sgodsell

Posts: 7365; Member since: Mar 16, 2013

What I find funny in this. Is I have to open both eyes in order for the S8 iris scanner to work. So maybe they setup their S8 with only one eye. Because they only printed one eye and placed a contact lens over top of the eye, and then scanned only one eye.

28. maherk

Posts: 6876; Member since: Feb 10, 2012

Actually, I can unlock my phone with one eye closed, and it's as quick as when I have both eyes opened.

69. audibot

Posts: 634; Member since: Jan 26, 2017

all they need to do is add the blink feature like back on the gs3 to prove its not a pic

9. Zack_2014

Posts: 677; Member since: Mar 25, 2014

Are you even capable of executing that hack? Shut your stupid trolling art in every Samsung article. Every security feature on earth is prone to hacking, does that make it a fail? Sorry mate but you failed miserably at trolling.

25. piyath

Posts: 2445; Member since: Mar 23, 2012

Yes I'm very capable of this hack. All I need is a descent legacy camera and some lenses. If I stole a S8 it can be unlocked so easily...

41. cmdacos

Posts: 4200; Member since: Nov 01, 2016

And my eyes you clown. Use your brain. As underdeveloped as it is, there is hope you will survive.

66. Macready

Posts: 1821; Member since: Dec 08, 2014

" and some lenses" Clearly, you didn't understand the IR part required.

72. iushnt

Posts: 3103; Member since: Feb 06, 2013

Believe me, you can't.

77. Myphoneisonfire

Posts: 403; Member since: Sep 05, 2016

@piyath you can sleep easy . Reasons being. 1. Your phone doesn't have any biometric security .(iPhone 5c) 2. You don't have anything worth stealing anyway. This includes your lowlife btw.

21. cmdacos

Posts: 4200; Member since: Nov 01, 2016

They are addressing the problem. Reading is hard.

12. Bondurant

Posts: 781; Member since: Jun 04, 2014

Its not like fingerprint can't be fooled in this way.

14. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

If you look closely, I'm baiting anti samsung trolls.

15. Bankz

Posts: 2543; Member since: Apr 08, 2016

Weather its realistic or not, the point is that the iris scanner isn't meant to be bypassed (how much more so easily and casually), moreso when heve been falsely praising as the most reliable security feature. Just stop making excuses samsung and learn to put out quality releases.

55. omnitech

Posts: 1131; Member since: Sep 28, 2016

Lol if Samsung needs to learn how put out quality releases, everyone else needs it more.

60. tedkord

Posts: 17356; Member since: Jun 17, 2009

What's easy about this? This is actually less easy than the iPhone fingerprint bypass. You didn't see me calling Apple out for that, because it's not a realistic scenerio. Neither is this.

68. audibot

Posts: 634; Member since: Jan 26, 2017

i would not call it a flaw as much as entry tech, think about it iris scanners for gov cost 5k and up a phone will not have that accuracy.

2. Bixby

Posts: 11; Member since: Jan 27, 2017

Story sponsored and brought to you by,,,,,,,,,,

4. umaru-chan

Posts: 358; Member since: Apr 27, 2017

And who sponsored you bixby?

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.