Seems like even 2017 isn’t that great for Samsung. Its flagship phones have always been marred by different controversies, be it exploding batteries, or hacks on advanced security features.
The new S8 comes loaded with a slew of safety features, facial recognition, iris scan, etc., to name a few. While hacker had staged a hack of face recognition using a photograph of the user, the iris scan also didn’t fare that well. While Samsung describes the it as ‘airtight’, the advances biometrics feature was hacked using a simple technique.
All the researchers at Chaos Computer Club needed was a picture of the eye and a pair of contact lenses.
The researchers first registered a volunteer’s eyes using the iris scanner. They then took a photograph of the volunteer’s eyes with infra-red night vision settings on a digital camera. In the next step, they printed the photograph of the eyes and placed a contact lens over it. And lo, the biometrics enabled smart security feature was hacked. As the trick bypassed the security test.
The research team also posted a video of the hack using the false eye, which is now trending.
According to Samsung, the iris-scanning technology has undergone rigorous testing to prevent any security compromise. “If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue. The discovery was another reminder that biometrics is not a silver bullet”, security expert Ken Munro said, while talking to BBC.
He continued stating that he personally prefers using fingerprints over iris scanners considering that your fingers are already holding the phone. Fingerprints and a secret number are the best option currently.
Ironically, Samsung has told the BBC it was “aware of the issue”. But haven’t stated anything more. Until then, this is just a heads-up for the S8 owners.