Samsung debuted a new fingerprint reader technology with the Galaxy S10 that uses ultrasonic waves to scan your finger. It sounds cool, certainly, but it may not be as secure as Samsung claimed. A new report claims a cheap screen protector can trick the in-display fingerprint sensor to unlock for almost any fingerprint.
According to a report in The Sun, a British woman purchased a cheap screen protector on eBay for about $4. After applying the protector, she found her phone’s fingerprint sensor would unlock for almost anyone. It worked with her own unregistered fingerprints, as well as her husband’s fingerprints. That means someone could potentially apply a screen protector to your phone and unlock it.
It’s unclear what it was about the screen protector that so thoroughly defeated Samsung’s security measures, but the company has previously noted that unofficial screen protectors could interfere with the sensor. In fact, it included a pre-installed screen protector on all versions of the Galaxy S10 with the ultrasonic sensor — the cheaper Galaxy S10e doesn’t have the ultrasonic sensor.
The Galaxy S10 was not the first phone to ship with an in-display fingerprint sensor, but it was the first to use ultrasonic technology. Previous devices used optical sensors, which essentially act like cameras under the display. Google has reportedly expressed some concern that optical sensors would be easier to fool than traditional capacitive sensors like the ones Samsung used to use.
When it launched the Galaxy S10, Samsung claimed the ultrasonic sensor (manufactured by Qualcomm) was both faster and more secure than optical sensors. At this point, we can safely say neither of those things is true. Although, you’re always giving up a little security for the sake of convenience with biometrics. A few months back, someone managed to bypass the sensor with a 3D printed fingerprint, and we’ve seen many hacks of face unlock using 3D printed heads that can even fool Apple’s Face ID.
Samsung says it will roll out an update to the Galaxy S10 and S 10+ that will address the issues with the fingerprint sensor. In the meantime, South Korean bank KaKaobank has advised customers to disable fingerprint unlocking for their accounts. No one has mentioned the Galaxy Note 10 specifically in reference to the fingerprint scanner flaw, but it has the same component. Presumably, it’s also affected.
- One for the Graveyard: Google Discontinues Daydream VR
- Galaxy Fold Fails Early on Livestream Torture Test
- Galaxy S10 iFixit Teardown Reveals Lower Repairability Score Than Galaxy S9