Maybe you’ve already seen the many headlines today about a security problem with the Samsung Galaxy S10, which suggest that
any fingerprint can unlock a Galaxy S10 phone.
The reports all stem from a story
published a few days ago in The Sun, describing the experiences of 34-year-old Lisa Neilson. As
The Sun describes, Lisa bought a £2.70 case for her Samsung S10 to protect its screen.
With the screen on, Lisa set up her right thumb print to access the phone but later used her left, which unlocked it.
She found any print unlocked the phone.
Lisa, from Castleford, West Yorks, said: “Anyone can access it and could get into the financial apps and transfer funds.”
Samsung said people should only use authorised screen protectors.
She got husband Wes, 34, to try and both his thumbs were also able to open the phone through the gel cover.
When the Galaxy S10 was released in March 2019, Samsung bragged about its “next generation vault-like security” with an ultrasonic fingerprint scanner fused directly into its front screen, that could even work when your hand was wet.
So, how could this “next generation” fingerprint scanner be doing such a poor job of telling fingerprints apart? The answer, I suspect, lies in Lisa’s screen protector and that Samsung chose to use an ultrasonic fingerprint sensor rather than optical or capacitive sensors used by other devices. Sound-based fingerprint sensors send an ultrasonic bounce against the finger pressed against the phone, and listen to the sound print based upon how the pulse bounces back from the ridges of your finger. However, if you register your fingerprint on an ultrasonic fingerprint sensor which is behind the wrong type of screen protector that might – in the worst cases – be little better than trying to read a fingerprint through rubber gloves! In short, the phone has “registered” a fingerprint which may look like any finger pressing through the screen protector. Ultrasonic fingerprint scanners can have problems with some screen protectors, as they may register the sound of a “fingerprint” which is bounced back off the screen protector rather than the actual fingerprint’s ridges. In other words – a fingerprint was not reliably registered in the first place.
malwaretips.com
