S8irishack: CCC unlocked Samsung Galaxy S8 with photo

The more technology that comes into our lives, the more potential security risks come with us. While smart home devices will be medium-term and smart cars a long-term problem, acute smartphones are particularly vulnerable. This just shows a video of the Chaos Computer Club, where a brand new Samsung Galaxy S8 is unlocked with a sheet of paper and a contact lens.

Already at the presentation of the S8 in New York had a few participants in the hands on area made to put the face recognition of the S8 to the test. The result was almost sobering when the photo of a face from the S8 was identified as the actual face and the smartphone unlocked.

And since the iris of a person is even more unique (complaints to the impossibility of superlatives please in the comments), as a fingerprint and for this already a kind of general key gives, such a safety feature is almost yes. One thought also at Samsung and wanted however instead to prove that the saying “well thought, bad made” has not yet served.

After the CCC had already dismantled the mother of all security features, the fingerprint sensor, quite quickly at the time of the introduction of the iPhone, the iris scanner now again worked with the simplest means. Jan Krissler is a CCC member and Ph.D. student at the research institute T-Labs of the Telekom and shows in the video, how simple the technology of the S8 can be overtaken.


What is needed is just a printed photo of an eye, that one can gladly from the Facebook profile or a well-solved well-resolved photo. To get some structure into the matter, put a contact list over the printed eye and voilà: the S8 unlocks itself as soon as one shows the prepared image of the Selfiecam.

For IT security fans and trained software developers like me, such demonstrations are of course absolutely delicious. Above all, if the manufacturer himself advertises on the website with maximum security.

“Security is child-friendly” can be supplemented here with “hackbar”, but a rework of the technique would be my preferred variant. Bugs and not so great working features are only half-tragic per se. But if I have a Samsung Galaxy Note flying around my ears or any access to my personal nude photos landscapes and messages at the S8, I’m not exactly amused about it.



Our attitude is to provide information for science and technology to prepare reports, and can not like "Nowara Shnnosuke" joking life!

Leave a Response

This site uses Akismet to reduce spam. Learn how your comment data is processed.