CCC researchers use iris image to breach Samsung Galaxy S8 scanner
Researchers from the Chaos Computer Club (CCC) have successfully breached the Samsung Galaxy S8’s iris recognition system to unlock the device using an image of an iris, according to a report by Motherboard.
CCC has posted a video demonstrating how they bypassed the iris scanner’s protections using a camera, a printer, and a contact lens.
“We’ve had iris scanners that could be bypassed using a simple print-out,” said Linus Neumann, one of the CCC researchers who appears in the video.
Using a digital camera in night mode, the researchers took a medium range photo of their subject and printed the infrared image.
They then placed a regular contact lens on top of the printed image to emulate the curvature of an eye’s surface, which successfully dupes the iris scanner into acting as though it were a real eye.
“The patterns in your irises are unique to you and are virtually impossible to replicate, meaning iris authentication is one of the safest ways to keep your phone locked and the contents private,” according to Samsung’s website.
The researchers found they needed to adjust the brightness and contrast, depending on the image quality.
“About a day of experimenting until the idea came up do use a contact lens,” Neumann said.
Once they found all structures were well visible, they printed the iris picture on a laser printer. Ironically, the researchers got the best results with Samsung laser printers.