The hackers were able to trick iris scanner in the Samsung Galaxy S8 (video)
Proposed in the smartphones of the company Samsung Galaxy and Galaxy S8 S8+ biometric authentication using retina scan iris was announced as the safe and reliable protection. But undertaken for the case of the German hacker community Chaos Computer Club (CCC) quickly and without great investments overcame this innovative protection. On his page on the Internet experts has published the methodology of the process and posted the video.
To overcome the protection needed simple contact lens and high-quality photographs of the eyes of the owner. The survey was performed in “night mode” that simulates the infrared, well detailing the retina and run on the same technology used by the scanner, which is installed in Galaxy S8. The assurance of the hackers, photos can be done using 200 mm digital camera lens from a distance of up to 5 meters.
Then the printed on a laser printer. Ironically the most high-quality the given printer from Samsung. The top photo on the center set of contact lens, needed to give volume to the designs. The scanner detects the wearer’s eyes and opens access not only to the smartphone, but payment service, Samsung Pay, are also protected using biometric identification.
The authors admitted that most expensive in the hacking process is acquisition, in fact, the Galaxy S8 needed for the experiment. This is one of the community leaders of CCC Angling Dirk (Dirk Engling) suggested smartphone users to return to the traditional protection devices – input PIN.
In turn, the press service of Samsung in response said: “the Demonstrated method can be implemented only through the use of complex expensive equipment and the coincidence of several circumstances. Required quality the retina at high resolution, obtained with the infrared camera, contact lenses, and the smartphone itself. During the internal investigation, it was found that to achieve the desired result using this method is extremely difficult.” Samsung emphasizes that they will make all efforts to address the identified vulnerability.