The iris recognition system on board the recently-released Galaxy S8 and Galaxy S8+ was reportedly defeated by the Chaos Computer Club (CCC). Using a printed infrared image of a human eye with a contact lens attached, the hackers were able to trick the system into thinking it was looking at the eye of the registered owner.
“Iris recognition may protect a phone against complete strangers unlocking it, but whoever has a photo of the legitimate owner can trivially unlock the phone,” says Dirk Engling, a spokesperson for the CCC. “If you value the data on your phone – and possibly want to even use it for payment – using a traditional PIN is a safer approach.”
While this news may frustrate and potentially worry many Galaxy S8 and Galaxy S8+ owners, it's unlikely prying eyes (no pun intended) will have access to a high-resolution, close-up image of your iris and unless they're armed with the picture, they can't gain access to your device.
Update: Samsung has issued a statement in response to this report.
We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue.