Samsung Galaxy S8 iris scanner hacked using contact lens

There are also serious issues with the handset's fingerprint sensor

Aatif Sulleyman
Wednesday 24 May 2017 09:45 BST
According to the hackers, you can dupe the iris scanner with a picture taken from social media sites

The Samsung Galaxy S8’s iris scanner has been tricked by a group of hackers.

The South Korean company has made a big deal about the handset’s iris scanner, which is supposed to be a highly secure and convenient way to unlock the S8 and authenticate payments.

However, Chaos Computer Club, a German hacking collective that has also conquered the iPhone’s TouchID fingerprint sensor, has fooled the system with a dummy eye.

The group managed to unlock an S8 using a picture of the owner’s eye with a contact lens placed on top of it, to mimic the curvature of a physical eyeball.

“If you value the data on your phone – and possibly want to even use it for payment – using the traditional pin-protection is a safer approach than using body features for authentication,” said Dirk Engling, Chaos Computer Club’s spokesperson.

“The security risk to the user from iris recognition is even bigger than with fingerprints, as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris.”

According to the hackers, you can dupe the iris scanner with a picture taken from social media sites, but digital photographs taken in night mode work best.

They also took the opportunity to have some more fun at Samsung's expense, claiming: “Ironically, we got the best results with laser printers made by Samsung.”

While the Galaxy S8 is a highly impressive device, the poor placement and design of its fingerprint sensor damages the user experience significantly.

It’s small, shallow, difficult to reach and positioned right next to the camera lens. Unfortunately, the high-tech alternatives aren’t perfect either.

The iris scanner fails on a regular basis, as it struggles to work in bright light and when you’re moving. The phone’s facial recognition system, meanwhile, was tricked by a photograph almost immediately after launch.

That leaves the PIN as the most reliable way of unlocking the phone. Unfortunately, according to a recent study, PIN codes can be exposed simply by watching how a phone moves when it is being held.
