Samsung’s Iris Scanning Tech for the S8 Conquered5 min read

Biometric scanning as a security practice sounds great. Lock your phone with your fingerprint or facial scan and be in the clear. Even when movies and television tackle the subject, the methods for breaking the biometric security typically involve convoluted plans and insane stunts so brazen they would make Macgyver’s jaw drop.

The problem is that the hype around this tech is typically more effective than the tech itself. Fingerprint scanners are easily fooled and facial recognition software has been shown to be defeatable by a printout of the owner’s face.

Samsung and their security partner chose to enhance the iris-scanning security feature of the Galaxy S8 with language like “airtight” and suggestions that owners of the phone can “finally trust that their phones are protected”, one would expect those claims to be backed up by strong technology.

But hackers have broken the iris-based authentication in Samsung’s Galaxy S8 smartphone contrary to the manufacturer’s claim that the feature is “one of the safest ways to keep your phone locked.”

All that was required was a digital camera, a laser printer (ironically, models made by Samsung provided the best results), and a contact lens. The hack required taking a picture of the subject’s face, printing it on paper, superimposing the contact lens, and holding the image in front of the locked Galaxy S8. The photo need not be a close up, although using night-shot mode or removing the infrared filter helps. The hackers provided a video demonstration of the bypass.

This tech is going to be rolled out in a big way, likely pitched to the public in the same manner.

Sources say that advertising this iris security features as “airtight” is a fallacy. sFor biometrics generally, a good pin number is probably still your best bet. The tech may improve to the point of being the most effective option some day, but we’re not there yet.