Update: Samsung issued a response to the hacker’s claim, “The reporter’s claims could only have been made under a rare combination of circumstances. It would require the unlikely situation of having possession of the high-resolution image of the smartphone owner’s iris with IR camera, a contact lens and possession of their smartphone at the same time. We have conducted internal demonstrations under the same circumstances however it was extremely difficult to replicate such a result.” Read the entire reply on The Inquirer.
The multiple biometric system on Galaxy S8 is probably what makes Samsung’s phone so attractive to hackers. After a vlogger showed how the facial recognition system of the phone can be deceived , a different hacker took a shot with the iris scanning system. (Un)surprisingly, it managed to trick it with a couple of tools #biomagic
Jan Krissler, also known as Starbug, found a way to log in a smartphone via iris recognition without actually scanning his eyes. All he needed to achieve this feat was a digital camera and a pair of contact lenses. First, Krissler asked someone to take his picture with the point and shoot camera, set in night mode. Then, the magnified infrared picture is printed out with the help of a laser printer.
Now, the magic happens. Over one of the eyes, the hacker places a contact lens so it gives the appearance of a human eye. Then, after registering his iris, Krissler shows he can log in just as easily with the picture and contact lens:
Granted, not all of you have a pair of contact lenses lying around, but if you were to test this trick at home, we bet you could find the necessary resources in a couple of days.
Jan Krissler is not at his first hacking “job”. He was one of the first people to show Apple’s TouchID vulnerabilities, days after it launched.