Galaxy S8 Iris Scanner Hacked (Easy as chewing gum)

Mobile vendors have established fingerprints as a biometric feature to unlock smartphones.
Now they turn to iris recognition, and of course fail miserably.

This video demonstrates how to circumvent the iris recognition of the Samsung Galaxy S8 flagship phone only using basic tools.

3 Likes

First two generations of Samsung products are shit anyway. The S10 (Or SX most likely^^) will have much better scanners (or none at all).

I'm just waiting on the first article stating that someone discovered samsung sending Iris 'fingerprints' to third parties. :stuck_out_tongue:

Iris's and Fingerprint should only ever be used for identification(username), not authentication. That should require something you know, rather than something you have/are.

3 Likes

BIometrics

Essentially you can't really be sure that biometrics will work unless your entire platform is closed, but even then it isn't as good as more traditional means.
Muh 16 pin passwords.

Whoever's idea it was that using fingerprints as a password on the iPhone was a good idea, must've gotten millions from the Govt. Since it's not protected under the 5th amendment.

Fingerprints and face recognition are reasonable compromises for most people. Sure, they can be defeated by someone with time and knowledge, but most people are not up against adversaries that will go to those lengths. Their adversaries are friends/family that they want to keep out, thieves who generally just wipe the device anyway, and the police who at least for now are not this sophisticated.

Even for people more concerned with security, high end fingerprint scanners and reasonable security settings are not bad. Unless you are a high value target, simply requiring the password after a single failed fingerprint unlock is enough. Even MI5 prefer to wait for the target to unlock their phone and then stage a fake mugging because the risk of failing to copy the biometric data on the first few attempts is too great.

Obviously if you are a high value target, avoid fingerprint authentication.