The German Chaos Computer Club (CCC) hackers has found a way to cheat the biometric verification safety feature found on the Samsung Galaxy S8 by tricking the phone's iris recognition software by using a simple, if somewhat, makeshift approach.
Researchers used the night mode of a digital camera to take a photo of an eye from what was described as a “medium distance” and then printed a life-size infrared image of the eyeball, according to a CCC 22 May blog post.
Researchers then placed a contact lens over the iris of the printed image to simulate the surface curvature of a real eye and then held the image in front of the S8 to unlock it.
Some adjustments to brightness or contrast may be needed depending on the picture quality and ironically the best results were from Samsung laser printers, but if all the components are in line the picture and lens will trick the phone into thinking its scanning a real eye, CCC said.
Similar proof of concept tests have been used to trick fingerprint and other biometric scanners.
“If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication,” Dirk Engling, spokesperson for the CCC said in the post.