Galaxy S10 fingerprint reader defeated by screen protectors, phone cases, Ars Technica

           

  

Samsung is once again in hot water for a shoddy biometrics implementation. This time the culprit isthe Galaxy S 10and its ultrasonic in-screen fingerprint reader, which apparently can be unlocked by anyone as long as there is a screen protector or some other piece of transparent plastic between a finger and the sensor.

British tabloid newspaperThe Sunoriginally reported the news, saying a British woman discovered she could unlock her husband’s phone just by adding “a £ 2. 70 screen protector bought on eBay. ” After reporting the issue to Samsung, the couple says Samsung “admitted it looked like a security breach,” and a spokesperson told The Sun, “We’re investigating this internally. We recommend all customers to use Samsung authorized accessories, specifically designed for Samsung products. ”

Days later whenthe BBCpicked up the story and contacted Samsung again, the company said it is “aware of the case of S 10 ‘s malfunctioning fingerprint recognition and will soon issue a software patch. “

갤럭시 가 되고 있는 S 10, 노트 10 기종 실리콘 케이스 지문 인식 뚫리는 현상 테스트 해봤습니다 ….

갤럭시 10 시리즈 사용자 분들 당장 지문 잠금 해제 푸 세요pic.twitter.com/tbmzErrmkP

– StaLight (@Sta_Light_) (October) , 2019

It all sounds like an unbelievable story, but now that the word has gotten out, there are already videos on the Internet of the method working. Examples from@ Sta_Light_on Twitter and themeeco.krforum show 2019 Samsung phones failing to unlock with an untrained fingerprint as they should, but then, when the user places a clear silicone phone case over the top of the sensor, that finger can unlock the phone. The user on Meeco uses a Galaxy S 10, as previously reported, but Sta_Light_’s phone is actually a GalaxyNote 10, which uses the same fingerprint technology as the Galaxy S 10.

Samsung has known for some time that screen protectors could interfere with the ultrasonic fingerprint reader. Early S (screen protectors actually featured) a giant holeover the top of the fingerprint reader sensor location, as there was concern that an air gap between the cover and sensor could stop the sensor from working. Eventually, Samsung and the industry huddled up and started producing screen covers that were “compatible” with the sensor, avoiding an air gap by using some kind of glue or gel backing on the screen protector.

There is currently a split in under-display fingerprint reader technology in the smartphone market. Most phones use optical in-screen fingerprint readers, which place a CMOS chip under the display and take a 2D picture of your finger. Samsung is pretty much the only vendor that doesn’t use an optical reader, instead opting for Qualcomm’s ultrasonic fingerprint reader technology. Qualcomm and Samsung touted the ultrasonic sensor as more secure than optical, since it uses sonic waves to take a 3D scan of your finger, supposedly providing more detail than the 2D image of a CMOS sensor. Qualcomm alsomade the claimthat the sensor can “detect blood flow within the finger and actually prevent hackers from spoofing the device with a photo or a mold,” though that statement seems to have been proven false with several hacks now.

Failed Samsung biometric solutions are not new. Last time, it was 2017 ‘s Galaxy S8, which shipped with a Samsung-built facial recognition system that had flawsOther vendorshad addressed in 2011 – you could unlock the phone witha photo of someone. This also isn’t the first time someone has broken the S 10 ‘s fingerprint reader — it was previously defeated with a$ 450 3D printer. Failing biometrics on a phone are a bigger deal than ever, as they give attackers access not only to your messages, photos, and contacts but, thanks to NFC payment apps, expose your credit cards, too.

        

Listing image by Ron Amadeo