Skip to main content

Samsung Iris Scanner Not So Foolproof

By June 7, 2017March 1st, 2023Technology News

It seems that every time a company works hard to provide greater device security, it’s not long before an enterprising hacker comes along to find a way around the new and supposedly fool proof system.

The latest victim is Samsung’s new iris scanning technology, which has now been rolled out on their various smartphones.

In this case, the exploit was found by one of the good guys, a security researcher from the Chaos Computer Club (CCC) named Jan “Starbug” Krissler. He discovered that a photograph taken of the phone’s owner, using a 200mm lens could take a picture detailed enough to fool the iris scanner, even if the picture was taken from as far away as five meters.

Samsung has taken steps to make their scanner more robust and less likely to be fooled. One of the first things they did to get around the obvious weaknesses in the system was add facial recognition software to the equation, so that flat images like a printed picture would no longer work.

Unfortunately, that step proved to be insufficient. Krissler found that armed with a picture taken as described above, a contact lens, and a bit of glue, he could still fool the optical scanner. Cutting the eye out and pasting it onto the contact lens provided sufficient depth to still fool the scanner.

This is problematic on several levels, but the two biggest are the following Firstly, Samsung obviously devoted substantial time and resources to create this new security measure, which has now been demonstrated to be easy to get around.

Secondly, and perhaps even more problematic is that Samsung’s digital wallet technology is secured by means of the iris scanner, which puts its user base at risk. The caveat, of course, is that to make the hack work, the hacker would need physical access to the phone, but given that smartphone theft is the fastest growing crime on the planet, that isn’t a big hurdle to clear.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.