A group of hackers was able to bypass iris recognition system of the Samsung Galaxy S8, proving that biometric authentication systems are not foolproof.
The hackers of the Chaos Computer Club (CCC) was able to successfully bypass the Galaxy S8’s iris scanner using a fake iris. To make one, they simply captured the device owner’s eye with a digital camera in Night Mode, printed it on paper, then placed a normal contact lens on top of the print to emulate the curvature of a real eye’s surface. What the video below.
“If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication,” says Dirk Engling, spokesperson for the CCC. “The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris.”
source: CCC
Iris scanner can be enabled and disabled at will