The ability to unlock a device with your face is nothing new - Android had it back in 4.0 Ice Cream Sandwich. But recently, we've seen more complex eye unlocking technology crop up on consumer electronics, such as Windows Hello. The Galaxy Note7 and S8 included something similar, called the Iris Scanner.
Members of the Chaos Computer Club, Europe's largest association of hackers, claim they have broken the security of the S8's Iris scanner. This was achieved by taking a photo of the owner's eye, tweaking the brightness and contrast until the full structure of the iris was visible, and (ironically) printing the eye on a Samsung laser printer. The final step was placing a normal contact lens over the image - this successfully fooled the S8 into unlocking.
Of course, capturing a photo of someone's eye with the required detail is the hard part. The CCC found that a camera capable of taking night-vision photos, or one with a removed infrared filter, was sufficient enough for this method. CCC member 'Starbug' was able to demonstrate that a digital camera with a 200mm lens at a distance of up to five meters was enough to capture the required images.
As is usually the case for these discoveries, the amount of work required to unlock the device will likely deter most thieves from breaking in. But if you have any sensitive data on your device, or you happen to see someone pointing a camera at you in public, it might be best to use a simple lock screen password instead.
- Chaos Computer Club