Recently, a serious security hole was revealed that Samsung Galaxy 10 and Note 10 series mobile phones can be unlocked with any fingerprint. A UK user unlocked her Samsung Galaxy S10 with a fingerprint that hasn’t be scanned. According to Samsung’s official statement, this vulnerability lies in the fingerprint misidentification that can be fixed by a patch.
Samsung’s fingerprint misidentification
On Oct. 13, a UK couple discovered Samsung’s fingerprint misidentification. The wife scanned her right thumbprint with a fully covered silicone case and then unlocked her S10 with the left thumb and even her husband’s thumbprints, which shocked them. That is to say, anyone can access the phone. If so, her private data on the phone can be accessed. What’s worse, her financial accounts could also be compromised and she would suffer big property losses.
It is essential to ensure the security of your phone because your personal information and financial details can be accessed by others via your phone. Nowadays, most payment services enable a user to make a payment with the fingerprint. In this case, if your Samsung phone can be unlocked by any fingerprint, anyone can verify payment on your phone. This leaves your sensitive data and property vulnerable to hackers.
No wonder so many banks denied login or payment via a fingerprint. For instance, two UK banks removed their mobile banking apps directly from Samsung Galaxy S10. The Bank of China turned off the fingerprint sign-in for its mobile banking app on Samsung. Israeli banks also disabled login via a fingerprint on their mobile banking apps.
How did Samsung respond to this problem?
This problem is extremely serious and Samsung Electronics immediately realized this. The day after the discovery, it confirmed that there were vulnerabilities about the ultrasonic fingerprint scanner on Samsung Galaxy S10 and the Note 10 series. It was claimed that this was only a malfunction that could be resolved with a patch. In addition, it advised users to stop using screen covers, remove previous fingerprints and register new fingerprints without a screen protector. This was just a temporary solution to the security issue. Relevant fixes will be published as soon as possible.
On October 24, Samsung Electronics announced that a software update had been released to resolve the fingerprint identification issue in the Samsung Galaxy S10 and Galaxy Note 10 series. On “Samsung Members”, Samsung also made an apology and kindly remind its users to update their biometric authentication to the latest version of the software as soon as possible. According to Samsung, the device is unlocked when the ultrasonic fingerprint sensor identifies the 3D pattern on a special silicone screen protector as the user’s fingerprint. Samsung users were advised to remove the protective film, delete all previous fingerprints and re-register fingerprints.
This ultrasound fingerprint scanner was once the pride of Qualcomm. It can not only identify the fingerprint texture of the user through water, grease and other things but also human blood. Thus, fake phones and artificial skin can not fool the ultrasonic fingerprint scanner. Samsung praised it as a revolution in biometric authentication at the launch.
Why was there a security problem with the Samsung ultrasonic fingerprint scanner?
Some netizens believe that this is because the British user has registered her fingerprint when using a screen cover. In fact, the texture of the silicone case instead of the user’s fingerprint is scanned. Samsung used Qualcomm’s third-generation 3D ultrasonic fingerprint sensor to identify fingerprints ultrasonically. This allows the phone to scan the texture of the silicone case when the user registers a fingerprint over the silicone case. They still consider the ultrasonic fingerprint scanner as the most advanced technology in the industry.
Some Internet users also have concerns about the security of this technology. They are of the opinion that the ultrasonic fingerprint scanner itself is not secure enough.
Later, an Internet user claims to unlock the Samsung phone with an unregistered fingerprint when the phone is applied a TPU film. In this case, the user registered a fingerprint without a screen cover. It makes Samsung’s security issue more sophisticated.
What do you think about it? Aside from such security issues, your privacy is also vulnerable to hackers when surfing the Internet. You should install a VPN on your phone to stay safe and private online.