The Galaxy S10’s Fingerprint Reader Got Fooled by a 3D Printer

0

You can “fool” anything as long as you’re using it as intended while you try.

The Samsung Galaxy S10 is the first Samsung phone with an in-display fingerprint sensor, and unlike all other optical modules which we’ve seen before, Samsung went with Qualcomm’s ultrasonic sensor. In theory, the ultrasonic sensor is intended to be faster and more secure than any other optical module as it depends on ultrasonic waves to create a 3D map of your fingerprint, but that has proved otherwise. An Imager client was able to spoof the Samsung Galaxy S10 sensor by using a 3D printed fingerprint.

Galaxy_S10_fingerprint_scanner

As we all know that A lock wants a key but the lock doesn’t care where that key comes from. A person who is proficient at the right software was able to take a photograph of his fingerprint on a wine glass and then recreate it in three dimensions using a 3D printer. He uses a nylon print and a real finger to unlock the Samsung Galaxy S10.

It sounds significantly less like tricking the fingerprint reader if you approach it from this direction because the ultrasound of a fingerprint is used as the way to getting in, and where it comes from doesn’t matter. If you get a duplicate key of your house made at Home Depot and it works in the lock, have you fooled it?

uploadscardimage948904e644e481-1e47-48da-99bd-3c2ff8a590a9.jpg950x534__filtersquality90

This is a security risk. Somebody with the right camera and the right lens could easily snag a photo of your fingerprint from your wine glass, print it off, then steal your phone and unlock it. Fingerprint readers have always been this way, whether on a phone or something increasingly mundane for example A Passport. They aren’t foolproof as long as you aren’t generally trying to fool them, and creating an exact copy of anything is possible.

If you want or need your phone to be as secure as it can be don’t use biometrics of any kind to allow access.

Usernames vs. Passwords:

A greater concern is that biometrics really isn’t appropriate as passwords in the first place. Your fingerprint recognizes who you are and you have 10 fingerprints and none can ever be changed. A look at high-level security establishments that use biometrics for access is in order.

Your fingerprints are your identity, not your secret key. Looking into an optical eye-scanner or providing a full palm print to unlock a door isn’t providing a password, it’s providing an identity to it. A General or high-ranking executive always needs to tell that door who they are before the door decides if they can enter or not. Somebody could steal a key or hack a password, however they would still need to be on the list of people with access if they wanted to see what’s on the other side of a door sealed by biometrics.

fingerprint-sensor

But things are a bit different when it comes to a phone. Well, your phone and my phone, anyway: there are people who need to have truly secure communication devices but most of us aren’t one of those people who truly need security. All of us only need a way to make sure that our phone isn’t wide open in case it gets lost or stolen, or if we have friends who like to snoop on our stuff.

You probably have something on your phone that you wouldn’t want me to see or post on Facebook. The objective is to make sure that your phone is secure enough so that I can’t. The old proverb applies here that a lock only serves to keep honest people out so that somebody with the right amount of dedication, the right amount of time, and the right equipment can unlock any phone as long as the payoff is worth it. Chances are, the stuff on your phone doesn’t make for a big payoff. A phone thief only wants to be able to unlock and erase a phone fast enough to resell it before a carrier blacklists the serial number, and fingerprint sensors make that very difficult.

in_display_fps_etechro

Biometrics make security easy and that means more people will use it. Fingerprint sensors are flawed, this is true. They can be “fooled” by an exact copy that provides what they expect to find when being used, But in general, they have been a boon to both smartphone users and carriers because they are easy to use make it less profitable to steal a smartphone. When security is easy, more people will do it and everyone wins. If you need absolute security you probably shouldn’t be using a smartphone or should at least use a hardened model with a strong alphanumeric passphrase as the only means to unlock its data.

Also Read: Samsung Galaxy S10: Everything you need to know!

For the rest of us, keep using your fingerprint sensor and other assorted tools that make it hard for someone to get inside.

Pick a screen protector that won’t mess with the fingerprint sensor:

Invisibleshield Ultra Clear:

It is a screen protector which carries the “Designed for Samsung” certification, and while it’s not the tempered glass screen protectors we normally look to InvisibleShield for, these protectors are shiny, clear, and case-friendly.

zagg-invisibleshield-ultra-clear-screen-protector-s10-cropped

They’re also easier to install than all others most. The lifetime warranty of these protectors here is just as tough as ever, offering replacements if your film ever clouds, tears, or warps. you can buy Invisibleshield Ultra clear protector from ZAGG at just $30. 

Whitestone Dome Glass

These screen protectors use a UV curing wet-install system to ensure a secure fit, and so far they claim to be the only tempered glass screen protectors that will work with the Samsung Galaxy S10’s ultrasonic in-display fingerprint sensor.

whitestone-dome-glass-s10-screen-protector-render-cropped

Whitestone is mighty proud of its products and its pricing also reflects that, but it’s still cheaper than replacing a broken screen. if you want to purchase Whitestone Dome Glass you can buy them from Amazon in just $70. 

LEAVE A REPLY

Please enter your comment!
Please enter your name here