A new test conducted by CCC hackers shows that this promise cannot be kept: With a simple to make dummy-eye the phone can be fooled into believing that it sees the eye of the legitimate owner. A video shows the simplicity of the method. 
Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it. But whoever has a photo of the legitimate owner can trivially unlock the phone. „If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication“, says Dirk Engling, spokesperson for the CCC. Samsung announced integration of their iris recognition authentication with its payment system „Samsung Pay“. A successful attacker gets access not only to the phone’s data, but also the owner’s mobile wallet.