WATCH: The Samsung Galaxy S8 iris scanner is not as safe as you think 6 years ago

WATCH: The Samsung Galaxy S8 iris scanner is not as safe as you think

Those clever Germans.

A German hacker group called Chaos Computer Club have demonstrated that the new feature on the Samsung Galaxy S8 has a fatal flaw.


The Galaxy S8 wanted to create an alternative security feature which didn't involve using a fingerprint scanner or password and created the iris-recognition feature.

The feature on the smartphone, however, was defeated by the group using a dummy eye. They posted a video to YouTube which shows the fake eye tricking the phone into thinking it is seeing an actual eye of a registered user.

They took a photo of the registered user's face at a medium distance using a digital camera and then printed out a zoomed-in image of their eye (ironically, on a Samsung printer).

To make the image on the sheet of paper look like a real eye, the hackers carefully placed a contact lens over the iris of the printed eye picture which, in turn, stimulated the curvature of an eye.

The dummy eye was then held up to the front facing camera of the locked Galaxy S8 and was unlocked. Shockingly, the group even suggested that the dummy eye image could be taken from social media.

Clip via herr hieber

It would take a very good phone thief to pull off this trick and use it to their advantage. In order to successfully unlock a phone they had stolen, they would either need to take a picture of the victims face beforehand, or track down their identity on social media.

A spokesperson for the Chaos Computer Club, Dirk Engling, said on their website: "The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris."

He added: "If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication."