The company’s new flagship smartphone was launched in New York just last week, but already a YouTube channel called iDeviceHelp has found the security hole.
Facial recognition is one of several methods Samsung is offering to allow users to unlock their devices.
However, in the demonstration, rather than pointing at the face of the would-be hacker, the phone is pointed at an image of the phone’s owner - easily obtainable from Facebook or other social media - and the phone’s sensor believes it is looking at the correct user and unlocks the device.
A Samsung spokesman said: “The Galaxy S8 provides various levels of biometric authentication, with the highest level of authentication from the iris scanner and fingerprint reader.
“In addition, the Galaxy S8 provides users with multiple options to unlock their phones through both biometric security options, and convenient options such as swipe and facial recognition.”