A German hacker group called the Chaos Computer Club (CCC) released a video showing how easy it is to fool the Galaxy S8’s iris scanner.
The CCC was able to use everyday items like a camera, a regular printer, and contact lenses to unlock a Galaxy S8 using its iris scanner, which is an alternative to the fingerprint sensor.
Back in April, the company behind the Galaxy S8’s iris scanning technology claimed it was safer than the FBI’s fingerprinting technology. While that may be true, it’s still not secure enough to deter a determined thief or hacker.
I’ve contacted Samsung about the trick, but haven’t yet received any comment or official statement.
See how the CCC did it:
According to the CCC, you simply need to take a picture of a Galaxy S8 owner's face with a camera's 'night mode' activated.
As you can see from the screenshot above, as well as the video caption, you don't need to be too close to take a picture for the hack.
For the hack to work, you need to take the picture using a camera's 'night mode' so that it uses the camera's infrared flash.
I should note that the image that's being printed doesn't appear to be from the same photo taken at the beginning of the video, or the previous screenshot above. With that in mind, it's not clear whether a photo taken from a medium distance is actually sufficient for the trick.
It's not clear from the video exactly why the CCC added the contact lens, but it's presumably used to mimic the rounded curvature of an eye.
The CCC member then simply held up the printed image with the contact lens to the Galaxy S8's iris scanner and unlocked the phone.
Back in March 2016, researchers at Michigan State University showed how they could fool the iPhone 5s' fingerprint scanner. A potential thief would need to get a high-resolution photograph of a person's fingerprint and then print the photograph in high resolution on special paper.
In September 2013, the CCC showed off a similar fingerprint sensor hack where it used latex paper and a fingerprint lifted from a glass.
Essentially, it means there's no foolproof way to secure your smartphone, even with advanced biometric technology like the Galaxy S8's iris scanner. It seems like the best way to protect the data on your smartphone is the old-fashioned way: Keep it close and do anything you can to prevent someone from stealing it. Even PIN codes aren't safe, as a thief could spot you typing in your PIN code before stealing your phone.
If ever your phone gets lost or stolen, your best bet is to call your service provider to deactivate the SIM card and permanently lock the phone, and change the password on services and accounts you use on your phone. That means email, bank account login information, social media accounts, home security accounts (from services like Canary or a smart home system), video streaming services like Netflix, and anything else you use on your smartphone.