Can We Use a Selfie Photo for Iris Scanning?

Suppose you have a clear pic, absolutely. That said, it won’t be as simple as grabbing the closest snapshot of your face and waving it in front of your phone. Even if you’re trying with a good selfie, you might still run into a few problems.

See, modern mobile phones use technology to judge whether it’s being used on a 2D photo or a real 3D eye. We say try, because, with a few simple tricks, you can easily fool your phone.

Unfortunately, you’re not the only one who can.

The Biometric S8 Iris Scanner Hack

The original ‘big hack’ happened in 2017 when Samsung released the Galaxy S8. The device included an iris scanner, and it was heavily marketed at the time as one of the safest ways to lock your phone.

At least, that was the case until members of the Chaos Computer Club quickly hacked the lock and posted a video of how they did it.

The process was relatively simple. The team took a high-quality night-mode photo, and, ironically, printed it out with a Samsung printer. Now, an S8 can judge whether an eye is a two-dimensional photo or an actual three-dimensional eye. To circumvent the problem, CCC used a contact lens to create the illusion of a curve.

One, two, three, and in those few steps, they hacked the phone’s iris scanner. The worrying implication, of course, is that any selfie can be used to recreate their success. If you consider our obsession with taking high-quality photos for social media, it’s a risk that can’t be dismissed.