UPDATED 16:09 EST / OCTOBER 17 2019

SECURITY

Samsung promises patch after user finds Galaxy S10 fingerprint reader can be fooled

It all started with a $3.50 screen protector.

Samsung Electronics Co. Ltd. said today that it will release an update for its Galaxy S10 flagship smartphone to fix a fingerprint reader vulnerability discovered accidentally by a user. The fix could come as early as next week.

The customer, who first shared the issue with a British tabloid, found that she could fool the sensor using a cheap display cover ordered online. Putting a thin layer of plastic over the sensor allows anyone to unlock a Galaxy S10 regardless of whether they’re the owner.

It’s not the first time that the Galaxy S10 has been shown to be vulnerable. Shortly after the device hit stores in March, an anonymous security researcher showed it’s possible to unlock Samsung’s flagship phone using a photo of the handset owner’s thumb. But whereas that method requires a 3-D printer and a thumbprint sample, this latest bug can be exploited with no special tools or know-how, making it a much more serious issue.

The problem is especially severe since it’s apparently not limited to the Galaxy S10. Samsung’s Galaxy Note 10 is susceptible, too, according to a video posted on social media. 

The common denominator is that both devices ship with the same ultrasonic in-screen fingerprint reader. Whereas most sensors in the category work by taking a photo of the user’s thumb, the one in the S10 and Note 10 operates more like sonar. It measures how sound waves bounce back from the user’s finger to reconstruct the ridges and valleys of their fingerprint.

It’s not clear if the vulnerability is the fault of the sensor itself or the way Samsung’s devices are configured. The fingerprint reader is made by Qualcomm Inc., which claims the technology is more secure than traditional scanners because the sound-based imaging method creates a detailed model of the user’s finger that is harder to copy.

Samsung didn’t say when the security fix will become available. The company is believed to have shipped 16 million Galaxy S10 units between April and July alone, which means a lot of Android users will be updating their devices in the near future. 

Image: Samsung
