Facial recognition on Samsung’s new Galaxy S8 was cracked by a group of testers, revealing a severe security flaw on the smartphone.

iDeviceHelp, a YouTube channel, posted a video showing tests of the heavily advertised facial recognition feature, which is one way users can unlock the phone. The demonstration showed the device’s facial recognition software can be tricked by using an image of the phone’s owner.

The testers held another phone up to the facial scanner with the image on display, and were able to unlock the Samsung device.

Following the video, Samsung released a statement focussing on the fact facial recognition was not the only option users had to unlock the device.

“The Galaxy S8 provides various levels of biometric authentication, with the highest level of authentication from the iris scanner and fingerprint reader. In addition, the Galaxy S8 provides users with multiple options to unlock their phones through both biometric security options and convenient options such as swipe and facial recognition.”

Samsung then reiterated Galaxy S8 owners “currently” cannot use biometric features to authenticate Samsung Pay.

However, Bloomberg reported in March the device will allow users to make payments using the technology within “months of release”.

Arguably, there’s still work to be done before the South Korean smartphone maker rolls out this particular update.