Recently introduced by Samsung Galaxy The S8 is one of the first smartphones equipped with an iris reader as a means of user authentication. Alongside facial recognition and a fingerprint sensor, this was supposed to be the most secure authentication method on a phone ever. Experts from CCC (Chaos Computer Club) but now they have proved that the security of the scanner will have to be worked on by the engineers at Samsung because they managed to break it.
At the same time, hackers needed relatively ordinary equipment: a photo of the owner of the phone, a computer, a printer, paper and a contact lens. The photo was taken with the infrared filter activated and of course the person needed to have their eyes open (or at least one). Subsequently, all that was needed was to print a photo of the eye on a laser printer, attach a contact lens to the photo in the place of the iris, and it was done. The reader didn't even hesitate and unlocked the phone within a second.
This confirms once again that the most secure is still the good old password, which no one can steal from your head, that is, if we do not count social engineering, and above all, it can be changed at any time, which cannot be said about body parts used for biometric authentication. The fingerprint sensor can be fooled for many years and immediately after the premiere Galaxy S8 we are convinced, that a simple photo is enough for someone to get into our phone through the facial recognition function.
Updated about the statement of Samsung Electronics Czech and Slovak:
"We are aware of the reported case, but would like to reassure customers that the iris scanning technology used in the phones Galaxy S8, underwent thorough testing during its development in order to achieve high recognition accuracy and thus avoid attempts to break through the security, e.g. using a transferred iris image.
What the whistleblower claims would only be possible under a very rare confluence of circumstances. It would require a very unlikely situation where a smartphone owner's high-resolution image of the iris, their contact lens, and the smartphone itself would be in the wrong hands, all at the same time. We made an internal attempt to reconstruct such a situation under such circumstances and it proved very difficult to replicate the result described in the announcement.
However, if there is a hypothetical possibility of a security breach or a new method is on the horizon that could compromise our efforts to maintain tight security around the clock, we will address the matter promptly.”
