If only Samsung knew how easy it is to hack the Iris scanner in its Galaxy S8 and Galaxy S8+, which the company claims is "one of the safest ways to keep your phone locked," things would be different. But it's a tad too late now. German hackers demonstrated a gaping security flaw in Samsung's latest flagships, and the Samsung's response is not too convincing.
A group of hackers at the Chaos Computer Club (CCC) used a simple technique to trick the Galaxy S8's Iris scanning technology, and guess what it worked. No complicated lines of codes or expertise in sophisticated software are involved in this trick. All you need to hack Samsung's Iris scanner is a printed photograph of the owner's iris, a contact lens and you're good to go.
"Iris recognition may protect a phone against complete strangers unlocking it, but whoever has a photo of the legitimate owner can trivially unlock the phone. If you value the data on your phone – and possibly want to even use it for payment – using a traditional PIN is a safer approach," Chaos Computer Club (CCC) spokesperson Dirk Engling on Tuesday, said in a blog post on Tuesday.
The simplicity of the hack can be seen in the video below:
In order to pull off this trick, the hacker would need a clear photo of the victim's eyeball, which CCC security researcher Starbug said is possible from a distance of 15 feet. Then print the photograph with good quality, place a contact lens to replicate the eye's curvature and finally scan it by placing it in front of the device.
In response to the hack demonstrated by CCC hackers, Samsung issued a statement to Gizmodo, where it is said to be working on a resolution.
We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person's iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue," the company said in a statement.
But the fact that Iris scanners can be hacked so easily is surprising. Especially when the company using the technology in its flagship smartphone says it is "virtually impossible to replicate." What's more concerning is the fact that the Iris scanner can be used to authenticate payments via Samsung Pay. This is a good lesson for smartphone users to opt for PIN encryption in favour of biometric authentication.
Samsung Galaxy S8's Iris scanner feature isn't the only vulnerable piece of tech in the phone. Previously, the handset's facial recognition software was just as easily tricked by holding a photograph in front of the device. That leaves us with fingerprint scanner in the Galaxy S8, which has been moved to the back of the phone to cause a bit of inconvenience to the user compared to the front position in previous models. In conclusion, locking the phone with a PIN or pattern seems to be the most viable and safest method to protect your data on the device.
![BJP fields Tashi Gyalson for Ladakh; drops sitting MP [details]](https://data1.ibtimes.co.in/en/full/797185/bjp-fields-tashi-gyalson-ladakh-drops-sitting-mp-details.jpg?w=220&h=138)
