UPDATED 16:09 EDT / OCTOBER 17 2019

SECURITY

Samsung promises patch after user finds Galaxy S10 fingerprint reader can be fooled

It all started with a $3.50 screen protector.

Samsung Electronics Co. Ltd. said today that it will release an update for its Galaxy S10 flagship smartphone to fix a fingerprint reader vulnerability discovered accidentally by a user. The fix could come as early as next week.

The customer, who first shared the issue with a British tabloid, found that she could fool the sensor using a cheap display cover ordered online. Putting a thin layer of plastic over it allows anyone to unlock a Galaxy S10 regardless of whether they’re the owner.

It’s not the first time that the Galaxy S10 has been shown to be vulnerable. Shortly after the device hit stores in March, an anonymous security researcher showed it’s possible to unlock Samsung’s flagship phone using a photo of the handset owner’s thumb. But whereas that method requires a 3-D printer and a thumbprint sample, this latest bug can be exploited with no special tools or know-how, making it a much more serious issue.

The problem is especially severe since it’s apparently not limited to the Galaxy S10. Samsung’s Galaxy Note 10 is susceptible, too, according to a video posted on social media. 

The common denominator is that both devices ship with the same ultrasonic in-screen fingerprint reader. Whereas most sensors in the category work by taking a photo of the user’s thumb, the one in the S10 and Note 10 operates more like sonar. It measures how sound waves bound back from the user’s finger to reconstruct the ridges and valleys of their fingerprint.

It’s not clear if the vulnerability is the fault of the sensor itself or the way Samsung’s devices are configured. The fingerprint reader is made by Qualcomm Inc., which claims the technology is more secure than traditional scanners because the sound-based imaging method creates a detailed model of the user’s finger that is harder to copy.

Samsung didn’t say when the security fix will become available. The company is believed to have shipped 16 million Galaxy S10 units between April and July alone, which means a lot of Android users will be updating their devices in the near future. 

Image: Samsung

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU