Back in March, when Samsung launched the Galaxy S10, they described its fingerprint scanner as “revolutionary.” The in-screen scanner uses ultrasound to detect the ridges of users’ fingers and match them to stored data. Previous versions of in-screen fingerprint scanners tended to use optical scanners, which projected light under the screen and read your fingerprint that way. But it turns out that the only revolutionary thing about the ultrasound sensor is how easy it is to bypass.
A British couple recently discovered the flaw after a woman fitted her Galaxy S10 with a gel screen protector she found on eBay for £2.70. After registering her thumbprint with the new protector fitted, she discovered that her other thumbprint – which wasn’t registered – also unlocked the device. When her husband tried to unlock it, it opened for both his thumbs. The same screen protector caused the same issue when fitted to another S10.
Samsung – for their part – said that users should only use Samsung-authorised screen protectors. They later followed up and said that they were investigating the issue internally. The smartphone giant also said that it would soon issue a software patch. It’s possible that this is linked to previous reports that other unofficial screen protectors caused issues with the fingerprint sensor because they left a small air gap, which interfered with the ultrasound.
While it’s encouraging that Samsung is working quickly to fix this, the underlying issue is somewhat more worrying. Obviously, ultrasound fingerprint scanning is still a very nascent technology, and it’s likely that this issue has been around since day one. With that in mind, it’s not difficult to imagine that there are other zero-day flaws like this that simply haven’t come into mainstream knowledge yet.
In the meantime, if you have a Galaxy S10, follow Samsung’s advice and only use Samsung-authorised screen protectors. Hopefully, the software patch comes sooner rather than later.
Update: Samsung statement
Samsung has issued a statement on the Galaxy S10 fingerprint scanner flaw. The company is advising anyone who uses a silicone screen protector on their Galaxy Note 10 or Galaxy S10 to remove the cover and delete all registered fingerprints. Samsung is also recommending people keep the covers off until a software patch has been issued.
The company is planning the release of a software update next week to address the problem. Once your device has received the update, they say you should make sure to scan the entirety of your fingerprint.
This issue involved ultrasonic fingerprint sensors unlocking devices after recognizing 3-dimensional patterns appearing on certain silicone screen protecting cases as users’ fingerprints.
To prevent any further issues, we advise Galaxy Note10/10+ and S10/S10+/S10 5G users who use such covers to remove the cover, delete all previous fingerprints and newly register their fingerprints.
If you currently use front screen protective covers, to ensure optimum fingerprint scanning, please refrain from using this cover until your device has been updated with a new software patch.
A software update is planned to be released as early as next week, and once updated, please be sure to scan your fingerprint in its entirety, so that all portions of your fingerprint, including the center and corners, have been fully scanned.
The post [Update: Samsung statement] Samsung will fix Galaxy S10 flaw that let anyone bypass fingerprint unlock appeared first on xda-developers.