It's a pretty well known fact at this point that using any form of biometric authentication, such as a fingerprint scanner or face unlocking, is essentially choosing convenience over actual security. That is, there are a ton of ways to fool the current technology, and while passwords can be changed, physical features cannot, plastic surgery notwithstanding. This has once again been proven right, as a group of researchers from the Chaos Computer Club, who have demonstrated a method for bypassing the Samsung Galaxy S8
's iris scanner.
The process, as demonstrated in the video above, is actually pretty simple: a photo of the subject is taken from a moderate distance with a digital camera (using night mode, so as to capture the same infrared image the S8's scanner would see). Then, the photo is printed out, with the best results coming, ironically, from a Samsung laser printer. And lastly, a contact lens is placed above the printed iris to simulate a three-dimensional object, which the iris scanner then erroneously recognizes as the real thing.
Or in other words, anyone with the ability to take a frontal picture of you can gain access to your device with minimal effort and resources, while Samsung claims its iris scanner provides "airtight" security, and "is one of the safest ways to keep your phone locked and the contents private." Whoops.
Still, such an attack requires a person extremely dedicated to unlocking another's phone, so chances are the everyday consumer is mostly in the clear. However, this does serve as a good reminder to never fully trust a company claiming to have reinvented security overnight.