Yesterday afternoon you could read with us about an interesting research by experts from Chaos Computer Club, who managed to break the security of the iris reader of just two months old Galaxy S8. Hackers only needed a photo of the eye taken with an infrared camera, a contact lens, a laser printer (+paper and ink) and a computer. The iris sensor didn't linger long and unlocked the phone as soon as the fake iris was inserted. You can see the entire process in the article linked below.
In response to the article, this afternoon we received an official statement from PR manager David Sahula from Samsung Electronics Czech and Slovak, who states that breaking the reader is not as easy as the customer might think and therefore there is no need to worry about your data if the mentioned biometric authentication method on its own Galaxy You are using an S8. In order for someone to get into your phone, several circumstances need to happen, see the official statement below for more details.
"We are aware of the reported case, but would like to reassure customers that the iris scanning technology used in the phones Galaxy S8, underwent thorough testing during its development in order to achieve high recognition accuracy and thus avoid attempts to break through the security, e.g. using a transferred iris image.
What the whistleblower claims would only be possible under a very rare confluence of circumstances. It would require a very unlikely situation where a smartphone owner's high-resolution image of the iris, their contact lens, and the smartphone itself would be in the wrong hands, all at the same time. We made an internal attempt to reconstruct such a situation under such circumstances and it proved very difficult to replicate the result described in the announcement.
However, if there is a hypothetical possibility of a security breach or a new method is on the horizon that could compromise our efforts to maintain tight security around the clock, we will address the matter promptly.”
