Samsung Galaxy S10’s ultrasonic sensor fooled by fake finger

Samsung’s in-display fingerprint reader can be hacked ‘in 15 minutes’

The Samsung Galaxy S10's 'ultrasonic' in-display fingerprint reader can be easily unlocked with a 3D-printed fingerprint, allowing hackers to break through the device's biometric security.

The exploit was discovered by a Reddit user going by the names of 'darkshark9', who cloned his own fingerprint from a photograph of the print left on a wine glass. Using common software tools Adobe Photoshop and Autodesk 3ds Max, he created an accurate replica of the print using a home 3D printer costing less than 400.

In a proof-of-concept uploaded to Imgur, darkshark9 showed the device being unlocked by the fake print, stating that "the 3D print will unlock my phone...in some cases just as well as my actual finger does".

I attempted to fool the new Samsung Galaxy S10's ultrasonic fingerprint scanner by using 3d printing. I succeeded.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"If I steal someone's phone, their fingerprints are already on it," he explained. "I can do this entire process in less than three minutes and remotely start the 3D print so that it's done by the time I get to it. Most banking apps only require fingerprint authentication so I could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone."

The photo used in the exploit was taken with the S10+ itself, but he also theorised that by using a higher-quality DSLR camera, you could steal someone's digit "from across a room... or further".

The S10's in-display fingerprint reader was one of the main selling points of the new device, with Samsung saying its biometric security "provides a high level of protection for sensitive data". However, most security experts agree that using biometric security as a primary unlock method is less secure than a password or PIN.

Multiple tests have shown that the facial recognition technology used to unlock many smartphones is not foolproof, and Samsung itself advises during the setup of facial recognition that it is "considered less secure than other lock types".

However, when we reached out to Samsung, the company dismissed concerns about the hack, calling the phone's security "vault-like".

"The Galaxy S10's in-display Ultrasonic Fingerprint Scanner offers vault-like security that has been developed through rigorous testing to provide the level of accuracy and prevent against attempts to compromise its security, such as images of a person's fingerprint."

Advertisement - Article continues below

Samsung argued that the hack wasn't a threat, as it required using professional software and a 3D-printer, and that the copy "could only have been made under a very rare combination of circumstances". Both pieces of software used in the hack offer free trials, while the 3D printer used is available for less than 400, making it comparatively easy for even an amateur hacker to assemble the necessary toolkit.

"If at any time there is a potential vulnerability identified, we will act promptly to investigate and resolve the issue," Samsung said.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/mobile/23617/the-best-smartphones-to-buy
Mobile

Best smartphone 2019: Apple, Samsung and OnePlus duke it out

24 Dec 2019
Visit/hardware/354336/the-it-pro-products-of-the-year-2019-all-the-years-best-hardware
Hardware

The IT Pro Products of the Year 2019: All the year’s best hardware

24 Dec 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/hardware/tablets/354276/samsung-galaxy-tab-s6-review-the-best-android-tablet-out-there
tablets

Samsung Galaxy Tab S6 review: The best Android tablet out there

4 Dec 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020