A major Galaxy S8 and S8+ selling point may turn out to be a security vulnerability rather than another practical biometric authentication method, and we’re afraid that’s not some sort of twisted April Fools’ Day prank.

No wonder Samsung spent far less time hyping its new facial recognition technology during the Unpacked 2017 event than all those pre-release rumors appeared to suggest. Not only will it be much faster to unlock an S8 using your finger (if you can find the darned rear-fitted sensor sans looking at it, that is), with a secondary iris scanner also offering extra peace of mind compared to the face verification feature.

Believe it or not, someone has already managed to trick a demo Galaxy S8 unit into authenticating… a photograph. It’s not quite as easy as it sounds, with a second phone involved, a bit of patience, and all the right moves and angles, but it’s still worrisome to see the security of a state-of-the-art 2017 mobile device bypassed like that.

Also, while the flaw might be fixed in time for the April 21 commercial launch, “industry watchers” quoted by Korean media warn the facial recognition technology is “only intended for fun” on the Galaxy S8. It’s by no means a “foolproof security measure”, as phones can allegedly be unlocked “by the face of a sleeping person” in addition to a close-up snapshot, which is why Samsung limited its purposes to begin with. That’s right, no face mobile payments for you!