German hackers bypass Samsung's iris scanner using a contact lens

The iris scanner is just one of the security features on the new S8

Whether it’s a PIN code or a fingerprint scanner, phone manufacturers are constantly exploring new ways to protect user information. Samsung introduced its iris scanner technology with the Galaxy S7 and S8, and it was believed to be a safe and easy-to-use method for securing your phone.

However, a German hacking group called Chaos Computer Club has now managed to get around the security measure.

Using a dummy eye with a picture of the owner's eye with a contact lens placed on top of it, the group were able to gain access to the device via the iris scanner. The lens gave the curvature of a physical eyeball, thus unlocking the phone.

In a statement issued to Newstalk.com, Samsung confirmed it is investigating the report. The company says the iris scanner was "developed through rigorous testing and prevent attempts to compromise its security."

“The reporter’s claims could only have been made under a rare combination of circumstances. It would require the unlikely situation of having possession of the high-resolution image of the smartphone owner’s iris with IR camera, a contact lens and possession of their smartphone, all at the same time. We have conducted internal demonstrations under the same circumstances and it was extremely difficult to replicate such a result."

 

“If you value the data on your phone – and possibly want to even use it for payment – using the traditional pin-protection is a safer approach than using body features for authentication,” said Dirk Engling, Chaos Computer Club’s spokesperson.

“The security risk to the user from iris recognition is even bigger than with fingerprints, as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris.”