SAMSUNG HAS RESPONDED to the news that the iris scanner on its Galaxy S8 can be "trivially" bypassed, and has said that the tech has been "rigorously" tested.
On Tuesday, German hacking collective Chaos Computer Club (CCC), which famously found a way around Apple's Touch ID sensor back in 2013, revealed that it had promptly found a way to crack the iris scanner on the Samsung Galaxy S8 by creating a 'dummy eye'.
As demonstrated on video (below), the hacking group uses mode on a regular digital camera to take a shot of the phone user's eyes. It then crops and prints out an image of the eye - using a Samsung printer, no less - and places a normal contact lens on top of the image to emulate the surface of a real eye.
Dirk Engling, spokesperson for the CCC, said: "Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it. But whoever has a photo of the legitimate owner can trivially unlock the phone.
"If you value the data on your phone - and possibly want to even use it for payment - using the traditional PIN-protection is a safer approach than using body features for authentication. A successful attacker gets access not only to the phone's data, but also the owner's mobile wallet."
Samsung has since responded, and has said that while the iris scanning tech has been thoroughly tested, it will investigate the CCC's methods.
"We were aware of the report, but would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent against attempts to compromise its security, such as images of a person's iris," a Samsung spokesperson told the INQUIRER.
"The reporter's claims could only have been made under a rare combination of circumstances. It would require the unlikely situation of having possession of the high-resolution image of the smartphone owner's iris with IR camera, a contact lens and possession of their smartphone at the same time. We have conducted internal demonstrations under the same circumstances however it was extremely difficult to replicate such a result.
"Nevertheless, if there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue." µ