Recently, a video was released showing people how to hack the Samsung Galaxy S8’s iris scanner. Samsung has since issued a statement defending its technology.
Possible, But Impractical
When news of the hack first broke, Samsung issued a statement saying that it would look into the matter further. Now, it has released a follow-up statement where it admits that the hack is technically possible, but highly unlikely in a real-world situation.
“You need a camera that can capture infrared light (used in the video), which is no longer available in the market. Also, you need to take a photo of the owner’s iris and steal his smartphone,” a Samsung spokesperson told The Korea Herald.
For the most part, we agree with Samsung’s assertion. The odds of someone successfully managing to pull off this hack are very low. That being said, we do question the company’s claim regarding the difficulty of obtaining a camera that captures infrared light. While these cameras may not be available from first-party sellers, a quick Google search turned up plenty of options from eBay and other third-party sites.
That being said, this issue does call into question Samsung’s claims that its iris scanner is more secure than the FBI’s fingerprint technology. After all, Samsung didn’t dismiss the possibility of the hack so much as the likelihood of it occurring, which doesn’t address the security flaws within the iris scanning technology.
Despite Samsung’s reassurances, a spokesperson for Chaos Computer Club, the group behind the hack, claims that a secure PIN is still the best way to secure your smartphone.
The truth, as is often the case, lies somewhere in the middle. Samsung is correct that the hack presented by Chaos Computer Club would be very difficult to pull off and the hacking group is also correct that a PIN would prevent this particular method of hacking.
The reality is that if someone wants to get into your phone bad enough that they’d be able to hack the iris scanner then they’ll probably be determined enough to figure out your PIN.
Obviously, you should always do your best to ensure that your personal information is secure. In truth, a secure PIN and the iris scanner are sufficient security for casual users as most people simply aren’t going to be the target of such a sophisticated effort.