Samsung confirms fingerprint security flaw
Security concerns over Samsung’s new S10 model have surfaced. Users on social media demonstrated a bug which allows unregistered fingerprints to unlock the device
Samsung recently acknowledged the bug in a reply to the BBC, saying that it was “aware of the case of S10’s malfunctioning fingerprint recognition and will soon issue a software patch”.
Many online banking applications, such as Monzo and Lloyds, use biometric scanners instead of passwords, leaving S10 users vulnerable.
KakaoBank, the most popular internet-only service in Samsung’s native South Korea, advised users to disable fingerprint access amid fears that their accounts could be compromised with ease if their devices fell into the wrong hands.
이슈가 되고 있는 갤럭시 S10, 노트10 기종 실리콘 케이스 지문인식 뚫리는 현상 테스트해봤습니다….
— StaLight (@Sta_Light_) October 16, 2019
갤럭시 10시리즈 사용자분들 당장 지문잠금해제 푸세요 pic.twitter.com/tbmzErrmkP
The bug occurs when an air gap between the screen protector and the sensor effectively stops the sensor from working correctly. Most smartphone manufacturers use an optical reader, which takes a 2D image of a fingerprint. However, Samsung uses Qualcomm’s ultrasonic fingerprint reader technology, which takes a 3D image using sonic waves.
The security flaw was initially highlighted by a British woman, who first reported it to The Sun. She claimed that both her and her partner’s unregistered thumbprints could unlock the device.
In 2017, the Samsung Galaxy S8 suffered a similar embarrassment when it was found that its facial recognition security could be bypassed with a photograph.