According to the Verge the Galaxy S8’s facial scanner can be tricked with a photo.
Just days after Samsung unveiled the Galaxy S8’s new facial-scanning feature, someone has already successfully spoofed it. Bloggers at Marcianophone secured a S8 with their face and then tricked the phone with a selfie that was saved on another device. The S8 eventually unlocked, though it took a few seconds. Either way, you might not want to use face scanning as your primary form of phone security. Samsung has already noted that facial scanning isn’t the most secure form of authentication. Using your fingerprint, iris, or a PIN is preferable. With that in mind, it’s possible that Samsung is still working on the feature. The phones at its New York City event weren’t final products, so the company could theoretically tighten up security before shipping to the public.