Samsung’s newly introduced Galaxy S8 features iris scanning and facial recognition via the front-facing camera. Both these features can be used to unlock the phone for those times when you don’t feel like reaching your finger around the back and feeling for its built-in fingerprint reader alongside the rear camera. iDeviceHelp posted a hands-on video with Galaxy S8’s biometrics.

They concluded that eyeballs and faces are not as secure as fingerprints because the phone could be tricked into unlocking by scanning a user’s headshot.

Check out the video from iDeviceHelp proving a workaround exists.

The Korea Herald acknowledged that iris scanning and facial recognition technologies on their own are still insufficient for security. Citing industry sources, the publication quoted one person in the know as saying that Samsung’s latest phones can be unlocked by the face of a sleeping person, or even just by a photo.

“For now, the facial recognition technology is only intended for fun,” that person concluded. “It should not be considered as a foolproof security measure.”

Subscribe to iDownloadBlog on YouTube

In a statement issued to Mashable, Samsung admitted that facial recognition offered by the new Galaxy S8 lineup cannot be used for Samsung Pay.

“Samsung made it clear to me that its facial unlocking technology is not their most secure biometric system,” reads the article. “In fact, it can’t be used for purchases with Samsung Pay. For that, you still must use the fingerprint reader on that back.”

The front-facing iris scanner can still be used to pay for items and unlock the phone.

Source: iDeviceHelp

  • Not surprised as it’s from Samsung

    • TechnoBuff

      What an ignorant response.
      Considering the strides made by Samsung lately. People will still slag them no matter what.
      No security measure is 100% foolproof. Security professionals have shown how to bypass fingerprint scanners with a sample of your fingerprint and right tools, on any phone!
      At least it is not someone else’s face!

      • igorsky

        What is it with you Samsung apologists on this forum. Samsung was very happy to advertise this as a feature for the publicity. Now that it’s proven to be a typical Samsung gimmick you come out with the excuses? Gtfoh.

      • TechnoBuff

        FYI Joker.
        All my products are from Apple.
        It is indeed a product feature because it is less secure does not make it a gimmick, it becomes a gimmick when someone else’s face or pic can be used to open.
        As i stated in case you need to reread again. Fingerprint scanners arent 100% secure.
        Knew you will be the one with that ignorant comment

      • Anonymouse

        Unlocking an iphone using the finger of a sleeping person is easy, would you consider that a gimmick?

      • You could also use facial recognition on a sleeping person just FYI.

        There’s a difference however between trying to do something right and trying to do something cheaply. There are many ways to make sure that a photograph won’t work to unlock a phone and Samsung didn’t employ a single one but opted for the cheapest possible method of implementation resulting in very poor security.

        This is why people are saying it’s a gimmick. It’s not because facial recognition isn’t a useful or powerful tool, it’s that it’s so poorly implemented that it actually makes security worse for the user when used.

      • Anonymouse

        Unlocking a phone from a sleeping person is considered poor security. Writing your passcode on a piece of paper is also considered poor security, Voice recognotion probably can be bypassed if someone has your voice recorded and plays it back. Facial recognition can be bypassed with a photo. Are all these security measures including Apples done in the cheapest possible way or in the most consumer friendly way? I don’t know,
        I found an iphone 6 the other day on the road. Screen ok battery nearly empty. No lock on phone. I charged it, rang one contact in phone and it was reunited with its owner later that afternoon.
        Sometimes I think we are on an endless quest to secure something that ultimately makes it less possible that it will be returned if lost.
        Footnote: the happy phone owner offered me $50 reward, I turned it down

      • Hey Anonymouse,

        I don’t think you understand my point. When it comes to facial recognition there are many ways (that have been around for a while now) of making sure that you can’t spoof it with a photo. You can look for heat, you can look for motion, you can do a 3D relief map of the face and compare that data along side the other, and preferably you can do all of the above. Samsung did none of the above and opted instead to make and market a security feature with absolutely 0 industry security applied to it resulting in a product that is actually more insecure than anything else and easily spoofed by anyone.

        Apple’s fingerprint reader has layers of security built into it that seek to prove that it’s a real living piece of tissue, that the area under the skin also matches the scan and so on. What is the result? That only industry professional hackers have the tools needed to break into it.

        Again, we aren’t talking about someone sleeping on a couch and a friend or family member unlocking it, (they probably have seen you enter your pin enough to know it anyways). What we’re talking about is if someone leaves the phone somewhere or it gets stolen. One method allows anyone to go on Facebook, grab the user’s profile picture and unlock his phone, and the other locks them out unless they’ve also managed to get the matching fingerprint and happen to have a lot of very specialized equipment laying around their house.

      • At least you need the real finger of the person, not a photo from it! Lol

      • Exactly. Microsoft has facial recognition on Windows Hello and I never saw someone bypassing using a photo.

      • John

        Lol. ‘No security measure is 100% foolproof’. This ‘security’ measure didnt even need a complicated work around. This is another example of samsung rushing things when the technology is not ready and is practically uselss. As per normal. Just so they can say they had a phone with it first. When actually the phone never really had it as it is basically useless and on the same level ss a cheap chinesse phone that mimicks facial recognition when really all you need to do is just show it almost any photo and it will unlock. When Apple bring out their IR face scanner that actually maps the landscape of your face in light or pitch black (which they have and leaks suggest it will be available this year), Samsung will say that they had facial recognition first. When actually they had nothing even close to it and wont have anything on par with IR facial mapping for at least 2 years. I hope Samsung are embarrassed that this has been found out so fast and shows them for what they have turned into. A company with technology thats out of date, at best can mimic what it trys to portray and not even on the same level anymore as the other manufacturers.

      • Rowan09

        I can’t agree with you here. Samsung placed the fingerprint scanner on the back which obviously meant it’s an after thought because you will have to pick it up to unlock the device with the fingerprint sensor. Facial recognition is suppose to be secure and it’s not even a little secure. I mean a picture can be used come on man that’s a joke.

        All the fingerprint bypass where done with making a mold of the fingerprint, it wasn’t a one two three step. You need to give blame when it’s due and they deserve all the blame for this one.

      • Anonymouse

        By placing the scanner on the back it’s considered an afterthought is it, you know this for certain how? What about when you place your phone face down? According to your way of thinking Apple then placed in on the front as an afterthought.
        Your logic is an afterthought.

      • Rowan09

        That is the dumbest thing I’ve ever heard. You place your phone face down to unlock it and look at the camera and Apple logo? How many fingers can you use to unlock the new S8? Can one hold the phone with one hand and use their thumb or little finger? On the S8 + it’s even further away making only able to be used with 2 hands for most people. Just look at the reviews I didn’t make this up. When HTC did it, it was a bad idea so it’s no better because it’s Samsung.

      • Mike

        To be honest I don’t understand why people are so worried about the S8/S8+ fingerprint scanner. I have the note 5 and I can easily reach the heartbeat reader which is now where the fingerprint scanner is or maybe a 1cm higher. The problem you guys aren’t understanding is that you are given options. If you don’t like facial recognition you can use iris scanner or fingerprint. People are going all crazy about how you can use a picture to unlock the phone but they can send an easy update which would fix it since none of the phones have been sold yet. The point of moving it back was for more screen in front and using iris is just as fast as a fingerprint reader. It doesn’t take long to tilt the phone up to read your eyes. Iris scanner is probably the best security lock on a smartphone right now.

      • Rowan09

        Did you not read the article it’s not the best security right now because it can easily be fooled even with a sleeping person. The fingerprint scanner and heartbeat sensor are 2 different things. An individual is always going to use the fingerprint scanner and as per the article you can’t use Samsung pay with the iris scanner. This is a stupid move by Samsung. HTC did it already and it was a bad idea.

      • johnny_fy

        You can use the iris scanner for anything that accepts the fingerprint. Read the end of the article. I have an iPhone now but when I had the note 7 the iris scanner was really fast. 90% of the time you didn’t even know it was activating the screen it would just unlock. It was better than the fingerprint scanner especially when your hands would be wet. It really is annoying when I get out of the shower and the iPhone won’t recognize my finger until it is completely dry. Options. Its about having options and that’s what they are giving people.

      • Rowan09

        Choices when you make the fingerprint sensor basically useless with one hand or easy to use? There is sometimes when you do too much and this is one of them. Are people that attached to their phones were they can’t put it down for a second?

      • johnny_fy

        Facial recognition and iris scanning are two separate things. I think you are confused.

      • Rowan09

        They can hack Iris scans just like fingerprint scans. The process is not as convenient as just placing your finger on a home button, etc. All my friends that had the Note 7 never used the iris scanner.

      • “Considering the strides made by Samsung lately” you mean the strides that resulted in rushed products, exploding batteries, fires at production plants or high failure rates in washing machines?

        Or maybe you mean getting caught lying about their phones being waterproof by consumer reports and scrambling to fix them or getting in trouble over not complying with US regulations in their latest recalls and trying to work to comply after being caught?

        Or are you talking about in the very general sense seeing that they finally appear to no longer be embroiled in a half dozen world wide price fixing schemes these days and one could argue they are slightly more moral as a company?

        What are these strides you speak of?

      • I’m happy cause it’s way too more complicated to bypass the fingerprint scanner. As you said, it requires a “security professional”.

        Even my son with 4 years knows how to take a selfie and is able to bypass the facial recognition of Samsung. That’s a major failure!

        We all know that Samsung don’t take suficient time to test it’s devices in order to release it before others (not to say Apple) and we know what has happened lately.

        I hope this one doesn’t explode for the safety of Samsung fans at least.

    • tariq

      S8 still got fingerprint, iris and android lock so it’s not like they are short of any competitive smartphone. And Face recognition has been proven to not work well many years ago, so don’t act surprised, Samsung my added that as a bonus b/c bragging rights. Same way as they did with curve display, no purpose, just bragging rights. Companies do this all the time

      • Rowan09

        Fingerprint which is on the back far away and all one would need is iris scan to unlock a phone.

  • 5723alex .

    According to AnTuTu benchmark test the iPhone 7+ with its 16nm A10 CPU/GPU
    quad-core and 3 GB RAM scores 185,000 points while Samsung’s new supersmartphone the Galaxy S8/+ with 10nm Snapdragon 835 octa-core and 4 GB RAM scores just 162,000-165,000 points.

    • Johnny

      Wow

    • Mike

      Are you alright? I think you read too fast or something my friend. The S8 scored a final score of 205284 while the iPhone 7+ scored a 181807.

      • 5723alex .

        You have read too fast as the Snapdragon 835 trails the 7+. The Exynos 8895 scored 205284.

        Now, according to Geekbench 4 the S8/+ get lower marks even than the iPhone 6s/SE in single-core scores .

  • Not shocking at all. Just a ‘feature’ they pushed out as quickly as possible to “beat” Apple to it (based on rumors.) I’m still fully for just improving the touchID sensor. Which right now can only be tricked by hanging someone else fingerprint in high res and a 3d printer and what not, not really a genuine thing to be scared of. I’d suspect they might add something to tell the finger on the sensor is ‘alive’ by maybe backlighting the finger to see the blood streams. (Bonus feature could be measure heart rate for the Health app.)

    • They already do. The Touch ID utilizes two methods to sense and identify your fingerprint: capacitive, which senses touch, and radio frequency that reads only the living tissue underneath. Once the finger is dead, it loses electrical charge so it won’t activate Touch ID and the radio waves will yield no results because the tissue is dead. In other words, there’s virtually no chance a disembodied finger could be used to unlock Touch ID.

      • Anonymouse

        Well if you’re asleep your fingerprint can still be obtained. So both these measures are not foolproof.

      • Rowan09

        Of course but trying to compare someone talking someone’s hand and someone just using a picture of a person is not the same. Why are you trying to make an excuse for Samsung this is just horrible? If this was Apple the news would he all over it, but Samsung gets a pass.

      • Mike

        JUST USE IRIS SCANNER PEOPLE! Samsung can also update the facial recognition to fix those problems and the phone isn’t even out yet…

      • Rowan09

        Did you not read about the iris scanner? If you wear glasses it might not work, get a LASIK operation it will be affected, etc. No one wants to always have to put a phone centimeters away from their face to unlock it.

    • tariq

      They beat apple when they made Iris scanner, highly doubtful face recognition was a real race here. Just my opinion.

      • ravinigga

        Well face recognition was already on android few years ago but not heavily wow feature

  • Mallouk Malek

    How is see this for normal people like me, that it is not a deal breaker, you may ask why? Well in case my phone got lost no one will be able to bypass that since no one knows the face for the one who lost it right?
    On the other hand all our beloved ones and most importantly the WIFE will be able to check my phone when I am asleep :D… It’s OKAY I have noting to hide !
    Still not buying tho, well because I can’t move away from Apple ecosystem any time soon but really liked this device.

    • Rowan09

      What happens if you have a picture on your phone of yourself? All someone would need to do is take a picture of that picture and viola

      • M_Hawke

        Just don’t have a picture on your phone of yourself. Simple.

      • Rowan09

        Lol. So now people can’t have pictures of themselves or family as a background? Smh. Well Samsung should let people know this then.

      • M_Hawke

        Let’s make a big deal out of nothing.

  • Jerry

    INTENDED FOR FUN