Security experts have once again bypassed a biometric system installed on a mobile device, this time the Samsung S8.
Hackers used a camera, a printer and a contact lens to bypass the iris scanner installed on the Samsung S8.
Some smartphones use facial recognition technology for user authentication; researchers from the Chaos Computer Club (CCC) demonstrated that it is possible to easily bypass the scanner’s protections and unlock the device.
“We’ve had iris scanners that could be bypassed using a simple print-out,” Linus Neumann, one of the experts who devised the hacking technique, told Motherboard in a Twitter direct message.
“The Samsung Galaxy S8 is the first flagship smartphone with iris recognition. The manufacturer of the biometric solution is the company Princeton Identity Inc. The system promises secure individual user authentication by using the unique pattern of the human iris,” reads the post published by the Chaos Computer Club.
“A new test conducted by CCC hackers shows that this promise cannot be kept: With a simple to make dummy-eye the phone can be fooled into believing that it sees the eye of the legitimate owner. A video shows the simplicity of the method.”
The researchers emulated a thief by capturing iris pictures with a digital camera in night-shot mode or with the infrared filter removed. Then, to give the image some depth, the experts placed a contact lens on top of the printed picture.
“The easiest way for a thief to capture iris pictures is with a digital camera in night-shot mode or the infrared filter removed. In the infrared light spectrum – usually filtered in cameras – the fine, normally hard to distinguish details of the iris of dark eyes are well recognizable.” continues the post. “Starbug was able to demonstrate that a good digital camera with 200mm-lens at a distance of up to five meters is sufficient to capture suitably good pictures to fool iris recognition systems.”
The researchers explained that they quickly found a way to defeat the facial recognition system implemented by Samsung, bypassing it after just one day of experiments.
“About a day of experimenting until the idea came up to use a contact lens. Then, a little charade of printers until it turned out that the Samsung printer provided the most reliable prints,” Neumann told Motherboard.
This isn’t the first time experts at CCC have bypassed biometric locks for smartphones. The first proof-of-concept attack of this kind was presented at Germany’s Chaos Computer Club in 2013 to hack an iPhone 5s; in 2014 the German researcher Jan Krissler, aka Starbug, demonstrated at the same hacking conference how to bypass fingerprint biometrics using only a few photographs.
In March, YouTube vlogger iDeviceHelp posted a video on his channel in which the user Marcianotech demonstrated how to unlock a Samsung Galaxy S8 or Galaxy S8 Plus by getting the device owner’s picture from Facebook and presenting the image to the locked phone.
Let’s wait for Samsung’s reply.
(Security Affairs – Samsung S8, hacking)