Security researchers showed that the Galaxy S8’s iris scanner can be easily bypassed with the right tools. After the video had come out, Samsung issued a first response, reassuring customers that it’s aware of the issue, and that it’ll further study the matter. Since then, the company made other official comments on the hack, saying that it’s unlikely for it to work in real life use.
“Although the one-minute video (that shows the sensor being fooled with a dummy eye) appears simple, it is hard to see that happening in real life,” a Samsung spokesperson told The Korea Herald.
“You need a camera that can capture infrared light (used in the video), which is no longer available in the market. Also, you need to take a photo of the owner’s iris and steal his smartphone. It is difficult for the whole scenario to happen in reality.”
Samsung comment doesn’t dispute the fact that the iris scanner can be hacked that way, even if the company seems to minimize the threat.
Soon after the Galaxy S8 was launched, users showed that the face unlock mechanism can be bypassed with the help of a photo. Samsung was aware of the issue, which is why face unlock can’t be used for Samsung Pay transactions.
However, the iris scanner was advertised as “one of the safest ways to keep your phone locked.” The security feature is used to authenticate Samsung Pay purchases.