Earlier this week a security flaw with one of Samsung’s flagship phones, the Galaxy S10, was reported in the UK. The flaw enabled a user to bypass the S10’s fingerprint reader, using any fingerprint to unlock the device, no matter what biometric data was saved on the device.
In the past, the S10’s fingerprint reader has been fooled by a 3D printed fingerprint. Imgur user, darkshark, took a picture of his fingerprint on a wine glass, processed it in photoshop, created a 3D model using 3ds Max and then printed his fingerprint. After a couple of tweaks and a 13 minute 3D print, he was successful in bypassing the fingerprint reader. However, this more recent bypass of the S10’s fingerprint reader requires virtually no technical knowhow.
According to reports, all it takes to unlock the S10 is a £2.70 Silicone case. A user in the UK bought a cheap all-in-one protective silicone case that covers both the front and the back of their S10, but they soon discovered that the case enabled the phone to be unlocked by any fingerprint. The owner of the phone first discovered this when they were able to unlock the device with different fingers, even though they only had one fingerprint saved on the device. They then tried to see if different family members could also unlock the device, which they could.
The S10 and S10+ use an Ultrasonic Fingerprint Scanner that’s the first of its kind and is embedded into the screen. The devices use soundwaves to create a 3D map of the user’s fingerprint.
As biometric security becomes ever more common on mobile devices, more apps and services are taking advantage of this for authentication, including banking apps. Many banking apps are adopting biometric security, allowing you to login with just your fingerprint, meaning that an easy bypass of these fingerprint readers could result in devastating losses.
Many people have responded to this report with don’t buy a cheap screen protector then, but what stops a thief from stealing your phone and putting one of these cases on it?