Samsung describes the Galaxy S8's iris scanner, which lets you unlock the phone just by looking at it, as "one of the safest ways to keep your phone locked and the contents private." After all, "the patterns in your irises are unique to you and are virtually impossible to replicate," Samsung explains on its website.
But the company may now want to rethink the veracity of its marketing tactics, following a revelation this week that the Galaxy S8 iris-recognition system was hacked with a simple technique.
Members of the Chaos Computer Club (CCC), based in Germany, were able to unlock an S8 using a photo containing its registered iris. Theoretically, that means anyone who posts selfies online and has an S8 with iris recognition enabled is giving hackers a potential backdoor to unlock their phone.
In practice, it's not that simple. The CCC explained in a blog post that, to pull off the hack, they used a clear picture of the phone owner's face, which was then printed using a laser printer. They then held a contact lens on top of the eye in the photograph, in order to give it the convex, three-dimensional shape required for the iris scanner to recognize it.
In addition to using high-resolution selfies, a hacker could also surreptitiously snap a photo of their intended victim, CCC notes.
Despite the simplicity of the hack, it doesn't reveal any fundamental flaws in Samsung's iris scanner itself. It's also worth noting that a similar technique could potentially be used to fool the S8's face recognition unlocking system, or any other phone with similar unlocking options.
Samsung did not immediately respond to a request for comment. But it does warn that face recognition (which uses the front-facing camera) is a less secure method of unlocking your phone, explaining in a footnote on its website that "face recognition is less secure than pattern, PIN, or password."