If you think biometric lock is very secure and it is difficult to break into your phone, you might be incorrect.
Hackers from the German hacker collective Chaos Computer Club (CCC) have successfully managed to break the iris recognition feature of Samsung's new Galaxy S8 smartphone to unlock the phone. In a video, they have demonstrated how the technique works.
The iris recognition feature in the S8, manufactured by the company Princeton Identity, promises secure user authentication by using the pattern of human iris.
But the test conducted by CCC shows the S8 can be tricked into believing that it sees the eye of a legitimate user. They claim a photo of the legitimate owner can be used to unlock the phone. Attackers can not only get access to the phone's data, but also to the mobile wallet.
"If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication," said Dirk Engling, spokesperson for the CCC.
He added: "The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris."
The video shows hackers can capture iris photo with a digital camera in night-shot mode or the infrared filter removed. If the structure of the iris is visible properly, the photo can be then printed on a laser printer.
CCC said they managed to get the best results with Samsung laser printers. Then, a normal contact lens was placed on top of the print, which was to emulate the curvature of a real eye. This trick fooled the iris recognition feature into acting as the real eye that was put in front of the camera.
Check out the video below to learn more about how the hackers fooled the iris recognition feature of the S8.