Click to Skip Ad
Closing in...

Samsung responds to discovery that Galaxy S8’s iris scanner can be tricked by a photo

Published May 24th, 2017 11:21AM EDT
Galaxy S8 Iris Scanner Hacked
Image: Zach Epstein, BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Back when the Galaxy S8 and Galaxy S8 Plus were first released, there was some concern that people who chose to utilize the phones’ iris scanners for security might be at risk. While the S8 line also includes a more conventional fingerprint scanner, Samsung gives users the option to unlock their phones using a quick iris scan as well. Some people were concerned that the technology Samsung used might be open to being tricked by a photo of a user’s eyes, and those worries ended up being completely justified. On Tuesday, we learned that a group of security experts had indeed “hacked” the Galaxy S8’s iris scanner using nothing more than a photograph and a contact lens.

Now, Samsung has finally issued a statement in response to what appears to be a gaping security hole in its new flagship smartphones.

“Iris recognition may protect a phone against complete strangers unlocking it, but whoever has a photo of the legitimate owner can trivially unlock the phone,” said Chaos Computer Club (CCC) spokesperson Dirk Engling on Tuesday. “If you value the data on your phone – and possibly want to even use it for payment – using a traditional PIN is a safer approach.”

CCC also released the following video, which shows the group using nothing more than a photo and a contact to circumvent the Galaxy S8’s security.

After the video began spreading, Samsung on Tuesday afternoon issued a statement to Gizmodo. Unfortunately, the statement essentially boils down to we’ll look into it.

We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue.

While it’s obviously good news that Samsung is investigating the matter, this is the kind of issue that clearly should have been discovered during testing when the Galaxy S8 was in development. It’s sort of like Samsung implementing a bunch of new battery testing procedures following the Note 7 debacle, despite the fact that they should have already been in place.

Zach Epstein
Zach Epstein Executive Editor

Zach Epstein has been the Executive Editor at BGR for more than 10 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content. Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment.

His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.