Bypassing the Galaxy S8/S8+’s iris scanner is not easy at all, according to Samsung. The tech giant issued a quick response to the recently surfaced video from German research group Chaos Computer Club, which exposed a seemingly large security vulnerability in the company’s latest flagships.
In said clip, a photo of the subject is taken using a camera’s night mode or with the infrared filter removed, as this makes details of the iris (which are hard to distinguish otherwise) easily recognizable. Then, the photo is printed out, and a contact lens is placed above the printed iris to simulate a 3D object, which in turn bypasses the iris scanner on the S8.
Speaking to The Korea Herald, a Samsung spokesperson expressed their reservations about the hacking method, arguing that it’s “difficult” for the whole scenario to unfold in real life:
Although the one-minute video [that shows the sensor being fooled with a dummy eye] appears simple, it is hard to see that happening in real life. You need a camera that can capture infrared light [used in the video], which is no longer available in the market. Also, you need to take a photo of the owner’s iris and steal his smartphone. It is difficult for the whole scenario to happen in reality.
It’s understandable that Samsung is taking such a stance. The sheer effort and dedication required for the hack to be pulled off puts the vast majority of Galaxy S8 owners in the safe zone. Thus, iris scanning will most likely continue to be pitched as a reliable authentication method, even for the company’s mobile payment service, Samsung Pay.
However, the hard-line stance taken by the tech giant in front of Korean media on Thursday might fool some into thinking that the vulnerability won’t be addressed. This is not the case, as the initial statement from Samsung (issued on the same day on which the video surfaced) assured that the firm will try to resolve the security hole as soon as possible:
We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue.