Samsung Galaxy S8's facial recognition can be tricked with a photo

CNBC: Galaxy S8 2
Devin Hance | CNBC

Samsung's Galaxy S8 isn't even out yet but there's a "feature" that's not as secure as you might think.

A YouTube channel named iDeviceHelp tried testing the Galaxy S8's advertised face recognition software. It's just one of a few options Samsung will employ to let users unlock their devices. Unfortunately, it's terribly insecure.

A video demonstration shows the Galaxy S8's facial recognition software being fooled by an image of the phone's owner. With one phone held up to the facial scanner with an image of the owner on the display, the phone's sensor appears to believe it's looking at its owner and unlocks the device.

Take a look at the video:

That's bad.

If you plan on buying the Galaxy S8, I recommend turning this option off entirely, at least if you want to keep prying eyes from opening your smartphone. Just think – all someone needs to do is head to Facebook and grab a picture of you to unlock the device. That's terrifying.

You'll be much better off using the fingerprint reader or, better yet, the iris scanner. Princeton Identity, which provides the Galaxy S8's iris scanner technology, told CNBC in an email that it's 100,000 times more resistant to false positives than other forms of biometric security, like facial recognition. It's able to achieve this by scanning 200 points of an iris during setup.

Keep this in mind with the Galaxy S8. I know I won't be using the facial recognition option.