The Samsung S8’s iris recognition security feature has been shown to be easily bypassed with “basic tools” by German hackers.
Launched as the technology giant’s comeback phone after the disastrous roll-out of the fire-prone Note 7 handset, the S8 was only unveiled back in March and has been available for purchase for less than a month.
Among the phone’s new features was its iris recognition technology, which would allow users to unlock their phones merely by pointing the camera at their unique iris patterns.
Unfortunately, the security feature can be easily circumvented, as shown by a team from German hacking collective the Chaos Computer Club (CCC).
Founded in 1981, it is Europe’s largest association of hackers and is seen as a group of curious technologists rather than cybercriminals.
It describes itself as having spent its existence “providing information about technical and societal issues, such as surveillance, privacy, freedom of information, hacktivism, data security and many other interesting things around technology”.
In 2008, the group acquired and published the fingerprints of the German Minister of the Interior Wolfgang Schäuble in order to protest the inclusion of fingerprint data in biometric passports.
Its scepticism towards biometric technologies continues in the video the group has uploaded demonstrating how to foil the iris recognition feature only using basic tools.
This is not the time first time hackers from the CCC’s biometrics taskforce have foiled a new phone’s sensors, having shown Apple’s Touch ID fingerprint recognition could be beaten back in 2015.
They tricked the S8’s iris recognition system by using the night mode setting on a standard digital camera, as the sensor works with infrared light. The hackers took a picture of their “victim” from a few metres away.
The infrared image was then printed using a laser printer and a contact lens placed on the printed photograph of the infrared image.
When held up to the phone, it was recognised as the eye of the person for whom the handset was registered to and unlocked itself.
Speaking to the Guardian, the CCC’s spokesperson Dirk Engling said “The security risk to the user from iris recognition is even bigger than with fingerprints, as we expose our irises a lot.
“If you value the data on your phone – and possibly want to even use it for payment – using the traditional pin-protection is a safer approach than using body features for authentication.”
At the time of publication, Samsung had not responded to requests for comment from Sky News.