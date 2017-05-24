Samsung wants you to think that the iris scan technology on its new flagship phone, the Galaxy S8 , is unbeatable. But it should surprise no one who pays attention to the security world that this is not the case. In fact, Samsung's new iris scanner is very easy to trick .

A security researcher at the Chaos Computer Club in Berlin recently pulled off the feat with nothing but a camera, a contact lens, and a printer. To do it, Jan "Starbug" Krissler simply used the night mode setting on a Sony digital camera to capture an image of his buddy's eyes. (Using night mode or removing a camera's infrared filter makes it easier to capture the iris pattern details in people with dark eyes.) Then, using a Samsung printer, he printed out a life-size image of one eye and glued a contact lens to the picture to provide depth. Sure enough, the Galaxy S8 iris scanner didn't know the difference between this art project and the phone owner's actual eye. One second later, the hacker had gained full access to the phone, including Samsung Pay.

This sounds scary, but consider the caveats. A hacker would have to be determined as hell-and probably sort of a weirdo-to gain access to your data by spoofing your iris. There are many ways to hack a smartphone after all, including tricking the finger print scanner or the facial recognition software. Starbug is actually famous for bypassing Apple's Touch ID fingerprint scanner 48 hours after its release, while another hacker reportedly tricked the Galaxy S8's facial recognition software with a photo on the same day that Samsung released the device.

Image: Samsung