The Galaxy S8's iris scanner can be bypassed using a digital camera and a contact lens, researchers show


It's a pretty well known fact at this point that using any form of biometric authentication, such as a fingerprint scanner or face unlocking, is essentially choosing convenience over actual security. That is, there are a ton of ways to fool the current technology, and while passwords can be changed, physical features cannot, plastic surgery notwithstanding. This has once again been proven right, as a group of researchers from the Chaos Computer Club, who have demonstrated a method for bypassing the Samsung Galaxy S8's iris scanner.

The process, as demonstrated in the video above, is actually pretty simple: a photo of the subject is taken from a moderate distance with a digital camera (using night mode, so as to capture the same infrared image the S8's scanner would see). Then, the photo is printed out, with the best results coming, ironically, from a Samsung laser printer. And lastly, a contact lens is placed above the printed iris to simulate a three-dimensional object, which the iris scanner then erroneously recognizes as the real thing.

Or in other words, anyone with the ability to take a frontal picture of you can gain access to your device with minimal effort and resources, while Samsung claims its iris scanner provides "airtight" security, and "is one of the safest ways to keep your phone locked and the contents private." Whoops.

Still, such an attack requires a person extremely dedicated to unlocking another's phone, so chances are the everyday consumer is mostly in the clear. However, this does serve as a good reminder to never fully trust a company claiming to have reinvented security overnight.

Related phones

Galaxy S8
  • Display 5.8" 1440 x 2960 pixels
  • Camera 12 MP / 8 MP front
  • Processor Qualcomm Snapdragon 835, Octa-core, 2350 MHz
  • Storage 64 GB + microSDXC
  • Battery 3000 mAh(30h talk time)
Galaxy S8+
  • Display 6.2" 1440 x 2960 pixels
  • Camera 12 MP / 8 MP front
  • Processor Qualcomm Snapdragon 835, Octa-core, 2450 MHz
  • Storage 64 GB + microSDXC
  • Battery 3500 mAh(24h 3G talk time)

FEATURED VIDEO

48 Comments

1. Bankz

Posts: 2543; Member since: Apr 08, 2016

Lmao!

7. umaru-chan

Posts: 358; Member since: Apr 27, 2017

Samsung wants to duplicate the success they have in the Tizen OS's security in the android realm.

22. MattPerkins1

Posts: 94; Member since: Mar 25, 2017

This is funny because Android security is a joke. Always has been. Android is going the way of Symbian (Nokia's old mobile OS). What I find funny about the Android vs iOS argument is the situation is exactly the same as Symbian vs BlackBerry. Both Android and Symbian had 80-90% of the mobile market share while iOS and Blackberry both had only 10-20% mobile market share yet BlackBerry lasted far longer than Symbian did because BlackBerry was more profitable and iOS is far more profitable than Android. But the funny part is no one talked about Symbian's market share when BlackBerry was around like people do about Android's market share compared to iOS's market share. This is because most who use market share with Android have a smartphone that costs less than 1/3rd the price the iPhone costs and market share is their way to justify it. In the past even a Symbian smartphone costs more than post may today for a smartphone and BlackBerry was out of all but the upper middle class price range. Cheap people will always try to justify being cheap. And poor people will always go on the attack of products they want but can't afford. That's how life is.

27. Clars123

Posts: 1078; Member since: Mar 16, 2015

^^ this guy..I cant stop laughing

29. nikhil23

Posts: 442; Member since: Dec 07, 2016

I wonder how ^^ this guy has so much patience to type nonsense on every article. A free advice: get a life

32. Macready

Posts: 1821; Member since: Dec 08, 2014

That was a pretty poor showing, pun intended.

36. nikhil23

Posts: 442; Member since: Dec 07, 2016

@Macready: my bad ^ ^ (((( (((( (((( (((( (((( guy

33. arming

Posts: 65; Member since: Jul 23, 2016

Would you mind to share what've u been smoking ? I love strong stuffs too , thanks

41. sissy246

Posts: 7112; Member since: Mar 04, 2015

If I wanted a damn iPhone I would have just bought one because I more then could have since my s8+ cost more then the iPhone 7 plus. You are just a dumb azz

2. Clars123

Posts: 1078; Member since: Mar 16, 2015

*grabs popcorn

3. nikhil23

Posts: 442; Member since: Dec 07, 2016

this again proves that pin/password is the only secure mechanism of unlocking a phone

4. nikhil23

Posts: 442; Member since: Dec 07, 2016

Oh btw. iphone fps can be bypassed by lifting a fp from a glass. youtube.com/watch?v=2u4ZLGsw1zo&t=849s but again PA doesn't post this and everyone knows why

10. zunaidahmed

Posts: 1183; Member since: Dec 24, 2011

Stupid comment, every other fingerprint scanner could also be tricked in a similar way, your point? That's why I still use pin

15. nikhil23

Posts: 442; Member since: Dec 07, 2016

oh..don't mistake me. I say this for every fps out there. Pin/password is the only secure way

14. Kaloyan.C

Posts: 22; Member since: Feb 25, 2017

Well, this piece of news was posted on the very same day as the Tested video: phonearena.com/news/Group-that-hacked-Touch-ID-las​t-year-is-back-with-an-easier-way-to-fool-your-fin​gerprint-scanner_id64193

16. nikhil23

Posts: 442; Member since: Dec 07, 2016

I apologize. My mistake for missing that article. However, if you compare the two articles, the first article doesn't ask people not to trust a company. Am I wrong in pointing out that few articles are biased ?

34. RoboticEngi

Posts: 1251; Member since: Dec 03, 2014

This is iphonearena, it is supposed to be biased.

19. HansP

Posts: 542; Member since: Oct 16, 2011

Why look for a glass when the required fingerprints are all over the phone?

40. piyath

Posts: 2445; Member since: Mar 23, 2012

Wrong article. This is about Samsung s**tty failures. So let's talk about that and only that, shall we? Apple is known for better security than Android all the time. While nothing is perfect iPhone is the most secure device in the world. Even FBI couldn't unlock an iPhone without paying 1 million dollars.

42. piyath

Posts: 2445; Member since: Mar 23, 2012

That video was posted in 2014...lol Apple has fixed all those bugs with their new 2nd gen finger print scanner. Trolling denied.

5. Bankz

Posts: 2543; Member since: Apr 08, 2016

Dunno why samsung are never tidy. They always rush to bring out features that are unfinished, undercooked and buggy. Just learn from apple and stop rushing out halfassed features ffs..

6. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

Exactly! All Apple releases are perfection! /s

9. zunaidahmed

Posts: 1183; Member since: Dec 24, 2011

Haha, that comment was so lame.....anyway, yeah, I haven't seen a perfect smartphone launch in ages lol, there's always hardware problem of software problems which are fixed afterwards

12. Tabby_Tiger

Posts: 305; Member since: Jan 23, 2017

Apple Maps?

11. willard12 unregistered

...like iOS software that crashes at 3 times the rate of Android? Let's not learn from that.

39. piyath

Posts: 2445; Member since: Mar 23, 2012

Iris scanner.....lol ha ha ha ha ha ha haaaaaa...

43. Mr.Pussy

Posts: 348; Member since: Feb 16, 2017

piyath......lol ha ha ha ha ha ha haaaaaa.....

24. Mr.Pussy

Posts: 348; Member since: Feb 16, 2017

Yep Apple always come out with everything perfects. Just a few bugs in software they cant seems to fix thats all. Updates after updates, bugs after bugs lol. Perfect my a$s lol

44. ph00ny

Posts: 2031; Member since: May 26, 2011

Siri, Map, lack of MMS in the earlier version of iphone...

8. Panzer

Posts: 282; Member since: May 13, 2016

In 3 perfectly executed steps you can defeat my S8 iris scanner but the fourth step is a little more complicated. Then you have to break into my home steal my device well I am sleeping and not wake up the dog or me. Since that is the only time it is not on me. Then you can see my photos and emails. Or just threaten me with violence and I will open it up for you.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.