Skip to main content

Hacker beats Galaxy S8 iris scanner using an IR image and a contact lens

Hacker beats Galaxy S8 iris scanner using an IR image and a contact lens

/

Eye spy

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Based on name alone, the futuristic iris-scanning feature on the Galaxy S8 sounds like it would be the most secure way to lock your phone. Hacker Jan Krissler, who goes by the name Starbug, shows in a recent video that, despite the impressive technology in unlocking your phone with your eyes, the security system can be beaten with a relatively low-tech hack.

As the video shows, Starbug is able to take a infrared picture of a person’s face using the night mode setting on a regular point and shoot camera. Print it out on an ordinary laser printer and it fools the camera by placing a contact lens over the image to give it the appearance of an actual human eye. While it certainly is a little more effort than, say, circumventing the S8’s facial recognition with a picture, the hack is certainly simple enough for the average person to do on their own.

It’s also not Starbug’s first impressive hack of this nature. In the past, he’s re-created the fingerprint of Germany’s defense minister Ursula von der Leyen using pictures of her fingers, and was one of the first to bypass Apple’s TouchID with fake fingerprints just days after it launched.

It’s a good reminder that while phones like the Samsung Galaxy S8 offer numerous ways to secure your phone — a traditional passcode, a swipe pattern, a fingerprint scan, facial recognition, and more — even the most secure biometric locks can eventually be broken by a determined hacker.