Folks over at Chaos Computer Club (CCC) have published a video spoofing Samsung Galaxy S8/S8+’s iris recognition feature. Apparently, it needs a photo and a contact lens to create a “dummy-eye” for the phone’s iris scanner to believe it as a real iris and unlock the phone. The report says a picture shot with a digital camera in night-shot mode or the infrared filter removed works best and the video even shows how a picture shot with a camera with 200mm lens is more than enough to spoof the iris scanner.
We’re yet to hear from Samsung but given how Samsung is touting Galaxy S8 series’ iris recognition that can also be used to carry out financial transactions on Samsung Pay, this video is concerning.
This is not the first time Galaxy S8 series’ security features have come under fire. Before the launch, someone proved a photo was enough to unlock the phone via face recognition.