Samsung's Galaxy S8 iris scanner is easily defeatable
If you want to secure your Samsung Galaxy S8, relying on the iris scanner to keep it locked is not the best idea. That's because it can be easily fooled using just a printed photo and a contact lens.
This reinforces the belief that biometric authentication is -- at least for now -- less secure than traditional options, like PINs and passwords, which have the advantage of not being tied to a physical trait that can be easily exploited by hackers, thieves or the authorities.
As Ars Technica reports, the cost of this hack is lower than what you would pay for a Galaxy S8. If you already have a camera and a laser printer (Samsung-made models are said to offer the best results), the cost goes down dramatically, as you would only need a piece of paper to print the photo on and the contact lens.
The contact lens is used so that the sensor can be tricked into believing that it is looking at an eye and not just a piece of paper. Obviously, Samsung thought about this when it developed the technology, as this is the first thing that every curious user and reviewer will try, but the contact lens is something that it either did not take into account or simply ignored.
Samsung claims that the iris scanner in the Galaxy S8 offers "airtight security" and makes for "one of the safest ways to keep your phone locked and the contents private." Clearly, that is not exactly the case. As I mentioned earlier, the same holds true for fingerprint scanners, which can also be bypassed with relative ease.
What biometric authentication offers -- and this is hard to dispute -- is convenience. It is much easier to rest your thumb or finger atop a scanner, or raise your smartphone so that it can recognize your eyes and face, and have your smartphone unlock almost instantly than to enter a complex PIN or password every time you want to use it.
And that is something that has made such features a must-have on higher-end smartphones. Consumers want to be able to keep their smartphone (relatively) safe, but they do not want to go through all the hassle that's involved with traditional security methods. No one can really blame them.
But the problem here is that Samsung's description of the technology and how it's implemented might lead some to believe that it is actually up to snuff, which isn't the case here as you can see. And, unlike a fingerprint, a shot of your iris might be easier to reproduce from social media photos, for instance. All that someone would have to do then is get their hands on your Galaxy S8 and they would have access to it in a matter of seconds.