It was marketed as being ‘airtight’. However, researchers have found a way to breach Samsung’s iris scanning security technology rolled out in the phone maker’s flagship Galaxy S8 smartphones.
Used to unlock the smartphones, the iris scanner was duped by a photograph and a contact lens by researchers at the Chaos Computer Club. While Samsung said it was ‘aware of the issue’, a spokesman said that iris scanning remains ‘virtually impossible to replicate’ and has gone through ‘rigorous testing’.
"If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue," a spokesman said.
Security expert Ken Munro said the discovery was ‘another reminder that biometrics is not a silver bullet’. "Personally, I prefer fingerprints to iris unlock,” he said. “Your fingers are already holding your phone, so why not use prints rather than wave your phone in front of your face?
"If you want to be really secure, choose fingerprints and a secret number. If you must have iris unlock, please walk everywhere with your eyes closed, so your iris can’t be photographed."
The Chaos Computer Club posted a video showing their researchers breaking into a Galaxy S8. They did this by photographing a volunteer’s eye with a camera’s infra-red night vision setting. After printing the image, the researchers placed a contact lens over the photograph and presented it to the smartphone’s iris scanner.
The Galaxy S8 and S8 Plus were unveiled in March, with the eye-scanning technology a much talked about feature. Used as an extra security setting to unlock the smartphone, the eye-reader could soon be used to confirm payments over online banking. It is in fact, just one of four different ways to unlock the phone with password, finger print and facial recognition all available.