Samsung Galaxy S8
Samsung Galaxy S8 Midnight Black Fionna Agomuoh

Samsung claims that spoofing the iris scanner on the Galaxy S8 smartphone isn’t as simple as a recent video demonstration would make it seem. The manufacturer made a statement, after the German hacker collective, Chaos Computer Club shared a video, detailing how it was able to unlock a Galaxy S8 handset using the printed image of an eye with a contact lens overlaid on the paper.

“Although the one-minute video (that shows the sensor being fooled with a dummy eye) appears simple, it is hard to see that happening in real life,” a Samsung spokesperson told The Korea Herald.

“You need a camera that can capture infrared light (used in the video), which is no longer available in the market. Also, you need to take a photo of the owner’s iris and steal his smartphone. It is difficult for the whole scenario to happen in reality.”

Read: Samsung Galaxy S8 Iris Scanner: Hackers Bypass Biometric Scanners

Smartphone biometrics has been under scrutiny since its inception. Early iterations of iPhone and Samsung Galaxy fingerprint scanners were easily spoofed by body parts that weren’t fingers. Since then, companies such as Synaptics have worked to tackle biometrics security issues, such as false fingerprints made of materials, such as silicon.

However, issues arise again as new biometrics features are introduced to smartphones. The facial recognition feature introduced on the Samsung Galaxy S8 has been proven so easy to bypass that many banking institutions have currently refrained from using it as an authentication measure for mobile payment systems.

Until now, Samsung’s iris unlock feature has not received very much criticism by way of its authentication accuracy. Many users have found more issue with the iris scanner not being about to properly detect their eyes than with the scanner being fooled by fake eyes.

Read: Usher Identity Software Aims To Replace Passwords, Security Questions With Mobile App

While Samsung claims the human iris is too detailed to be easily recreated for the purpose of spoofing a biometrics feature, the Chaos Computer Club states that current technology is already advanced enough for bypass the Galaxy S8 iris scanner.

“Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris,” CCC spokesman Dirk Engling said in a blog post.

The Chaos Computer Club recommends a traditional pin as the most secure option for authentication on a smartphone, particularly for mobile payments.

The Samsung Galaxy S8 features six security options, including the traditional pin, pattern, and password, in addition to three biometric features: iris scanning, fingerprint scanning and facial recognition. The smartphone has all three biometric options registered on a handset at one time; however, iris scanning and facial recognition cannot be set as security options simultaneously. Users can have up to three security options activated at the same time.