Just bought the Galaxy S8 or S8 Plus? Congratulations! It’s an incredible phone, and has been flying off the shelves worldwide. Now listen, hackers could easily break into your device if you’ve been using biometric methods such as facial recognition or iris scanner to unlock it. Even though the Korean company reiterates that a user’s irises are impossible to copy, a team of hackers has achieved it using simple techniques.

Galaxy S8 Iris Scanner Hacked
Image Source: Samsung.com (screenshot)

How to fool the Galaxy S8’s iris scanner

Researchers at German security firm Chaos Computer Club (CCC) have released a video showing how they bypassed the Galaxy S8’s iris scanner and unlocked the phone. Interestingly, the most expensive equipment used in the process was the Galaxy S8 itself. Hacker Jan Krissler aka Starbug said they used a picture of a person’s iris and a simple contact lens to beat the security system.

Samsung describes its iris scanner as “airtight.” It is considered to be more secure than facial recognition, which can also be hacked using simple tricks. You can choose to setup the iris scanner to unlock your Galaxy S8 and authenticate payments via Samsung Pay. You can’t fool the iris scanner with ordinary photos because they don’t capture the unique patterns in your eyes. But the patterns can easily be captured with an infrared sensor.

Starbug used a regular digital camera with 200mm-lens at a distance of up to five meters” to take pictures of the phone owner’s eyes. The CCC switched the camera to “night mode” to take the iris patterns. Interestingly, the experts printed the images of the iris using a Samsung laser printer. The security firm placed a contact lens on the printed image to make it appear like an actual human eye. Then they tested the fake iris, and it successfully unlocked the phone.

However, it wasn’t all that easy for security researchers. The security firm said you might need to adjust the contrast and brightness depending on the picture quality, which requires some trial and error. They also had to test several laser printers before they found the one that worked (and it was a Samsung product). After finding the right printer, Starbug tested multiple prints on different types of paper, and they all worked.

Pin-protection safer than the iris scanner?

The CCC said in a statement that the security risk from iris scanner was “even bigger than with fingerprints.” If you have valuable data on your phone or if you use the Galaxy S8 to make payments, sticking to the traditional pin-protection is much safer than using biometric features. The CCC has been around since 1981. It was among the first ones to have fooled Apple’s Touch ID fingerprint sensor just weeks after Apple launched the iPhone 5S.

When Mashable reached out to Samsung for an official response, the Korean company said it was fully aware of the issue. Samsung assured its customers that the iris scanner on Galaxy S8 was developed through rigorous testing, and offered a high level of accuracy. Samsung said it would respond “as quickly as possible” to resolve the issue if there is a potential vulnerability.

Galaxy S8’s facial recognition was hacked even before the phone’s launch

These hacking incidents will add fuel to the debate over the use of biometric features on electronic devices. Of course, the biometric methods are generally secure and more convenient. But their biggest drawback is that you can’t change your iris patterns, face, or fingerprint once your details have been compromised.

Just days after Samsung announced the Galaxy S8 in March, a YouTube video showed the phone’s facial recognition system being fooled with just a photo of the phone’s owner. Folks at Marcianotech took a picture of the S8 owner on another device and presented the photo instead of the owner’s face in front of the Galaxy S8 camera. To everyone’s surprise, the phone unlocked.

Galaxy S8 is extremely fragile

Security is not the only problem with the Galaxy S8. Thanks to its Infinity display, the S8 is the most fragile smartphone ever. Electronics insurance company SquareTrade recently put the device through a breakability test. They said the Galaxy S8 was the first and only phone they had ever tested that cracked on the first drop on all sides. The S8 received a breakability score of 76/100 and the S8 Plus got a score of 77/100. It means both handsets fall in SquareTrade’s “medium-high risk” category.

Fortunately for customers, the S8 replacement displays are cheaper than the Galaxy S7. The replacement screens for Galaxy S8 cost $200 in China, which is about $50-$100 lower than the cost of S7 displays a year ago. Experts believe the cost is expected to come down further in the coming months.

SquareTrade’s findings have enthused the third-party repair shops, many of whom believe that the Galaxy S8 is “definitely going to break.” The repair shops in the US and other countries have been preparing accordingly. The device costs about $750, so most users are likely to get it repaired rather than buying a new one.