Samsung Galaxy S8's iris scanner has been a subject of a debate lately as a German hacking group recently claimed that the security feature can be bypassed using a photo and contact lens. Now, the South Korean company has reportedly termed the method used by the hacking group as unrealistic in real life and questioned the methods used in the video that was released recently.
A Samsung spokesperson said that the technique used in the video released by the hacker group seems simple but it is hard to see it happening in real life, as per a report by The Korea Herald. "You need a camera that can capture infrared light (used in the video), which is no longer available in the market. Also, you need to take a photo of the owner's iris and steal his smartphone. It is difficult for the whole scenario to happen in reality," he was quoted as saying in the report.
The explanation from the company comes in response to a video posted by the Chaos Computer Club (CCC), a German hacking group founded back in 1981, which shows the Galaxy S8 being unlocked using a printed picture of the owner's eye with a contact lens on top to replicate the curvature of a real eyeball. "A high-resolution picture from the internet is sufficient to capture an iris," CCC spokesman Dirk Engling was quoted as saying earlier this week. "Ironically, we got the best results with laser printers made by Samsung," he said.
While tricking a feature doesn't appear to be a very dangerous thing at surface, Samsung allows users to use iris scanner to make mobile payments, apart from unlocking the smartphone. In these kinds of cases, it becomes crucial that a security feature offered by the company doesn't become an easy target for hackers.
Notably, we found in our own testing of the Samsung Galaxy S8 that the facial recognition feature could not be fooled by just using a printed image or the image of the owner on a separate display.