According to TechRepublic, the Samsung Galaxy S8’s iris scanner, which unlocks the phone by scanning a user’s eyes, can be easily fooled by hackers, the Chaos Computer Club (CCC) wrote in a blog post on Monday.
CCC member starbug demonstrated the method used to unlock the device in a short video posted on Tuesday. The iris scanner works with infrared light, so a picture is taken of the user’s face using a digital camera in night mode. The infrared picture of the user’s eye is then printed out on a laser printer. A contact lens is placed over the printed eye, and the printout can then be used to unlock the phone.
“Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it,” the post said.
Because iris recognition can also be used with Samsung Pay, hackers could steal money or make fraudulent purchases as well, the post said. Dirk Engling, spokesperson for the CCC, said that traditional methods may be more secure.
“If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication,” Engling said in the post.
While the Galaxy S8 is one of the first premium handsets to include iris recognition, the feature could come to many more phones in the future. Engling also noted in the release that a high-resolution picture from the internet could be sufficient to capture a proper iris. So a public social media profile could compromise a Samsung Galaxy S8 user if they were to lose their phone.
The iris scanner wasn’t the only biometric security measure the CCC team was able to bypass. In 2013, the team said they were able to bypass Apple’s Touch ID as well.