Samsung Galaxy S8 iris scanner hacked using basic, everyday items
Hackers have published details of a method to break the iris-based authentication in Samsung’s Galaxy S8 that involves the use of a number of basic, everyday items.
Published by German whitehat hacking group Chaos Computer Club, the hack involves the use of a digital camera, a laser printer (with Samsung models apparently working best) and a contact lens. To bypass the iris scanning feature, a digital camera is used to take a picture of a phone owner’s face that is then printed out via the laser printer. The contact lens is then placed on top of the printed face to mimic an actual iris, held in front of the phone and bingo: The Galaxy S8 unlocks.
While the hack is fairly simple, there are some provisos in its implementation. The photo must be of high enough quality that the details within the iris are captured and readable, which can be helped by tweaking the brightness and contrast of the image.
The iris scanning feature, powered by a biometric scanner manufactured by Princeton Identity Inc., promised to be an easier way for users to unlock their phones. When the Galaxy S8 launched, Samsung said it offered “one of the safest ways to keep your phone locked.”
“Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it. But whoever has a photo of the legitimate owner can trivially unlock the phone,” CCC spokesman Dirk Engling said in a blog post. “If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication.”
The Galaxy S8 does offer fingerprint scanning as an alternative to iris scanning. But while no one has yet published a hack of the S8’s fingerprint scanner, it should be remembered that fingerprint scanning has also been proven hackable before. The CCC itself published the details of a way to hack the fingerprint scanner in an iPhone 5S back in 2013.
Photo: Chaos Computer Club