UPDATED 21:55 EDT / APRIL 07 2019

SECURITY

Samsung Galaxy S10 fingerprint scanner easily tricked by rubber finger

In something straight out of a Hollywood movie, the fingerprint scanners on Samsung Electronics Co. Ltd.’s flagship Galaxy S10 devices can be easily tricked by a rubber finger.

Detailed Friday a hacker by the name of Darkshark9, the hack of the fingerprint scanner requires some work and involves the use of the 3-D scanner.

The in-screen fingerprint scanner in the Galaxy S10 models uses an ultrasonic process unlike previous fingerprint scanners which used a visual process. The ultrasonic process takes a 3-D image of the given fingerprint rather than a 2-D image, in theory making it more secure.

But as it turns out, even that can be tricked. In Darkshark9’s demonstration, he takes a fingerprint from a wine glass, runs it through various software packages then eventually prints out a plastic finger with the fingerprint on it using a 3-D printer. The finger then opens a Galaxy S10 every time.

The “hack” of sorts is not one that could easily be done by a layman on the street, but the technology involved isn’t that advanced either. That means those with both knowledge and intent could easily recreate it.

That opens a Pandora’s Box of security concerns. Cryptocurrency sites have rightly pointed out that it could ultimately lead to hackers gaining access to crypto wallets store on the Samsung devices, since they ship with wallets installed. But the same could go for any app that requires a fingerprint, such as a banking app.

For now Samsung has yet to comment on the hack, nor offer a solution. Whether general users should be concerned, though, is another matter.

As Davey Winder at Forbes noted, high-profile individuals should be concerned given the security risk, but others not so much.

“Sure, if someone stole your phone they could, in theory, get access not only to your personal data but also your bank account, as most of these now rely upon fingerprint ID to authenticate the user to the app,” Winder wrote. “That is assuming the person who stole it also has the 3-D printer and technical skills to create the clone fingerprint, along with the desire so to do, which is quite the assumption to make.”

Image: Samsung

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Cookies

We employ the use of cookies. Find out more.