Galaxy S8: How to bypass the Iris Scanner with a photo and a contact lens

By Chris Burns/May 23, 2017 9:54 am EST

The folks at Chaos Computer Clubs have shown how to bypass biometric security on the Samsung Galaxy S8 with a set of simple tools. Infrared camera capture of the target user's face creates a photo which is then printed. This printed photo is combined with a contact lens, and placed in front of the smartphone. The next step is opening the phone – which then allows the user in without real eyeballs.

Over at Chaos Computer Clubs or CCC.de, the Chaos Computer Club suggests that a dummy eyeball can be created to bypass Samsung's Iris Scanner. This iris recognition system has been employed on the Samsung Galaxy S8 and, before that, the Samsung Galaxy Note 7. That same device – the Note 7, is in the process of being re-released as a Samsung Galaxy Note 7 FE, AKA "Fandom Edition."

While the name on the Galaxy Note 7 is new, the majority of the contents of the device are not. Most importantly, the iris scanner has not been replaced with any new sort of iris scanning technology. As such, any sort of breakthrough on the Galaxy S8's iris scanner will likely work on the slightly older Galaxy Note 7, too.

Above is a video captured and produced by the CCC crew. The good news here is that one cannot fool this iris recognition system with a photo downloaded from the internet. A standard photograph will not do the trick.

As the video shows, the "hacker" will need to capture an image in "Night Shot Mode" on a digital camera – or they'll need the camera's infrared filter removed. Or – if the hacker is especially adept, they could use an infrared camera (which isn't always cheap). The resulting image – if sharp enough – can be printed and used with a contact lens to fool the iris scanner on the Galaxy S8. Or so they suggest here.

UPDATE: According to another video presented by CCC, they suggest that a high-enough resolution image from any camera could potentially work. Just so long as the right details are visible in the iris, and the image is resized to normal human size, a lens on top will be sufficient to fool MOST modern iris scanners.

So what should you do?

Use a PIN code to log in to your smartphone. Biometric scanners of all sorts can be fooled. Then again, if what the FBI had done is indicative of the future, PIN codes won't be much use for long legally anyway. So maybe just don't take any incriminating photos and don't do anything illegal, ever – and also don't have a bank account, and don't make any calls or texts to your loved ones. To be extra safe, just skip everything, basically.