Samsung Galaxy S8 iris scanner fooled by hackers

23 May
Industry, News

The Chaos Computer Club recently posted a video showing how they fooled the iris scanner on Samsung’s new flagship phone. The group said that standard PIN systems are more secure.

According to TechRepublic, the Samsung Galaxy S8’s iris scanner, which unlocks the phone by scanner a user’s eyes, can be easily fooled by hackers, the Chaos Computer Club (CCC) wrote in a blog post on Monday.

CCC member starbug demonstrated the method used to unlock the device in a short video posted on Tuesday. The iris scanner works with infrared light, so a picture is taken of the user’s face using a digital camera in night mode. The infrared picture of the user’s eye is then printed out on a laser printer. A contact is placed over the eye and it can then be used to unlock the phone.

“Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it,” the post said.

Being that the iris recognition can also be used with Samsung Pay, this means that hackers could steal money or make fraudulent purchases as well, the post said. Dirk Engling, spokesperson for the CCC, said that traditional methods may be more secure.

“If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication,” Engling said in the post.

While the Galaxy S8 is one of the first premium handsets to include iris recognition, the feature could come to many more phones in the future. Engling also noted in the release that a high-resolution picture from the internet could be sufficient to capture a proper iris. So a public social media profile could compromise a Samsung Galaxy S8 user if they were to lose their phone.

The iris scanner wasn’t the only biometric security measure the CCC team was able to bypass. In 2013, the team said they were able to bypass Apple’s Touch ID as well.

Connect with Secure Sense to protect data, improve your posture and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.

You can find Secure Sense on TwitterFacebook,  LinkedIn and now Instagram!


Source: https://securingtomorrow.mcafee.com/mcafee-labs/adylkuzz-coinminer-spreading-like-wannacry/?utm_content=sf79654923&utm_source=twitter&utm_campaign=Enterprise#sf79654923