When it comes to security and the iris recognition technology used in its flagship Galaxy S8 smartphone, Samsung touted, “The patterns in your irises are unique to you and are virtually impossible to replicate, meaning iris authentication is one of the safest ways to keep your phone locked and the contents private.”

But the Chaos Computer Club (CCC) made a mockery of Samsung’s “virtually impossible to replicate” claims, easily defeating the iris recognition system used in the new Galaxy S8 with nothing more than a camera, a printer and a contact lens.

Not only can the iris authentication system be broken to unlock an S8, the same trick could allow an attacker to access the victim’s mobile wallet. Just last week, Samsung Pay tweeted a short iris scan video ad along with, “Every eye is unique. Now you can use yours to make purchases with Samsung Pay.”

Every eye is unique. Now you can use yours to make purchases with #SamsungPay #IrisScan. pic.twitter.com/t2u87Fzi25 — Samsung Pay (@SamsungPay) May 17, 2017

The Galaxy S8 uses iris recognition technology by identity management firm Princeton Identity. The company claims, “Identity management powered by biometrics, making security more convenient, accurate and reliable than ever before.”

That accurate and reliable security was broken by CCC member “starbug,” a biometrics security researcher who also broke the fingerprint biometric security of Apple TouchID.

Starbug showed that you only need to take a picture of the phone owner, crop the image, print it out—ironically using a Samsung printer for the best results—and then place a contact lens over the printed iris to replicate an eye’s curvature. Hold the fake iris up to the phone, and voila! Open sesame, unlock phone, unlock Samsung Pay.

The CCC noted:

“The easiest way for a thief to capture iris pictures is with a digital camera in night-shot mode or the infrared filter removed. In the infrared light spectrum—usually filtered in cameras—the fine, normally hard to distinguish details of the iris of dark eyes are well recognizable. Starbug was able to demonstrate that a good digital camera with 200mm-lens at a distance of up to 5 meters (16.4 ft.) is sufficient to capture suitably good pictures to fool iris recognition systems.”

So much for Samsung’s claims: “We care deeply about your privacy. So we made the Galaxy S8 and S8+ our securest phones yet. There’s an iris scanner for peace of mind, face recognition that unlocks your phone in an instant, and defense-grade security that stands guard 24/7.”

Do you still have peace of mind about the iris scanner keeping your phone secure?

“Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it. But whoever has a photo of the legitimate owner can trivially unlock the phone,” said CCC spokesman Dirk Engling. “If you value the data on your phone—and possibly want to even use it for payment—using the traditional PIN-protection is a safer approach than using body features for authentication.”

The biggest cost of this iris biometric hack was purchasing the Galaxy S8. The CCC noted that rumor has it Apple will take a page from Samsung by having iris recognition unlock the next-generation of iPhone. It remains to be seen if Apple’s version will easily be tricked with a dummy eye.