German hackers from the Chaos Computer Club have fooled the Galaxy 8’s iris recognition authentication software by placing a disposable contact lens over a life-size color printed photo of the owner’s eye.

The low-budget hack, demonstrated in the video below, might have been inspired by a 1990s sci-fi movie — but reliably overcame Samsung’s lauded 2017 technology.

The Galaxy 8 also offers full facial recognition as an authentication method, which is just as easy to bypass using a similar technique.

Unlike fingerprints, which are yet another login option for the Galaxy 8, neither eyeballs nor faces are easily concealed. Smartphones, and even some cameras built into the latest glasses or headsets, would be able to snap a usable photo of an unsuspecting victim in good lighting conditions.

“Starbug”, one of the researchers credited with this hack, said in an email:

“Iris recognition is the next big thing with mobile devices. The technology, especially with the packed space and low computing power of mobile devices, is hard to make hack-proof [but] mobile devices are holding more and more sensitive data.”

When thinking of hacks, it’s important to consider how much of a threat they are in the real world. That is, hacks that require complicated access methods, rare skills, or unusual technology may be more academic than real. But low-tech methods like this one are more troubling. Samsung issued a statement to Gizmodo saying they were looking into it.