Hacker Circumvents Galaxy S8 Iris Scanner Using A Photo And Contact Lens

Smartphone security is a big deal, and smartphone makers are always trying their best to get users to at least use PINs on their devices.

The best way to increase smartphone security is to make it easier for users to turn security features on without the friction that they usually entail. Fingerprint sensors are one way of doing that, but Samsung offers Iris sensing as part of its Galaxy S8, too.

The idea is that people just look at their phone and it unlocks, and it generally works well. It’s supposed to be more secure than a fingerprint, too. Unfortunately, it turns out that just like facial unlocking, it might actually be relatively easy to bypass by using an IR image and a contact lens. Now, admittedly, this isn’t something that will let the average thief get into your Galaxy S8, but it’s worth bearing in mind for those times the FBI wants to poke around your phone.

Hacker Jan Krissler, who goes by the name starbug, has published a video in which his relatively low-tech process is capable of unlocking a supposedly secure Galaxy S8 handset. How it works is surprisingly simple. As the video shows, Krissler demonstrates that by using an infrared picture of a person’s face, taken by using the night mode setting on a normal point and shoot camera, the Galaxy S8 can be fooled.

If you are wondering where the contact lens comes into play, it is simply placed over a printout of the aforementioned photo in order to fool the smartphone’s iris sensor into thinking it is looking at a real eyeball. It’s clever stuff, but it’s also fairly simple to do, too. Of course, none of this is possible without the photo being taken in the first place though, and thieves or people finding a locked smartphone are highly unlikely to have those at hand.

What this does do is remind us that no security measure on a smartphone is ever going to be 100% secure, and to our mind, all we can do is use whichever measure is the most secure whilst also reducing the friction people experience when using it. To that end, iris sensing technology is possibly the best option. Now we just need to perfect it.

You might also like to check out:

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.