Samsung Galaxy S8 was supposed to be a very safe phone. The Koreans have been providing security updates for their flagship mobiles for some time now. However, the Galaxy S8 was distinguished by its elaborate biometric security, namely: fingerprint reader, face recognition system and iris scanner. The last two was a compensation for fingerprint reader at the back of the case right next to the camera. Unfortunately, these protections proved to be quite easy to overcome.
On our smartphones, we often store sensitive data. In addition to our pictures or text messages, there are also emails. In the case of business phones, a smartphone with a mailbox is a very valuable for competition. Such a leak of data would harm any company. Therefore, security policy requires protection of such devices using a PIN, screen unlock pattern or biometric mechanism. A few days ago, a group of researchers called Chaos Computer Club published a video showing how to bypass the iris scanner used in the Galaxy S8.
Samsung does not see the practical application of the presented method.
The recording shows the entire process of bypassing of the iris scanner in the Galaxy S8. Everything seems very simple, but the devil is in the details. First of all, we have to have a camera with night mode with an offset infrared filter. According to a representative of Samsung, such devices are no longer available on the market. However, you can always buy used equipment at an online auction. Of course, you still have to take a picture of the victim, where the iris would be visible and steal the phone. For an average person, this is a difficult task, but criminals can handle it easily. The last step is to print the photo and use a lens that will deceive the deeper detection mechanism. Thanks to this, the Galaxy S8 iris scanner will think that it has a real eye in front.
Samsung will solve the problem.
That’s right, the presented attack scenario is difficult to implement, but it is possible. Therefore, the initial speech of Samsung representatives was badly received by the community. Fortunately, the Galaxy S8 manufacturer has no intention of disregarding this. Below is a statement Samsung sent to the Gizmodo:
We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue. – Samsung
So, Galaxy S8 owners may expect software update which will solve this problem.