UPDATED 16:09 EST / OCTOBER 17 2019


Samsung promises patch after user finds Galaxy S10 fingerprint reader can be fooled

It all started with a $3.50 screen protector.

Samsung Electronics Co. Ltd. said today that it will release an update for its Galaxy S10 flagship smartphone to fix a fingerprint reader vulnerability discovered accidentally by a user. The fix could come as early as next week.

The customer, who first shared the issue with a British tabloid, found that she could fool the sensor using a cheap display cover ordered online. Putting a thin layer of plastic over the sensor allows anyone to unlock a Galaxy S10 regardless of whether they’re the owner.

It’s not the first time that the Galaxy S10 has been shown to be vulnerable. Shortly after the device hit stores in March, an anonymous security researcher showed it’s possible to unlock Samsung’s flagship phone using a photo of the handset owner’s thumb. But whereas that method requires a 3-D printer and a thumbprint sample, this latest bug can be exploited with no special tools or know-how, making it a much more serious issue.

The problem is especially severe since it’s apparently not limited to the Galaxy S10. Samsung’s Galaxy Note 10 is susceptible, too, according to a video posted on social media. 

The common denominator is that both devices ship with the same ultrasonic in-screen fingerprint reader. Whereas most sensors in the category work by taking a photo of the user’s thumb, the one in the S10 and Note 10 operates more like sonar. It measures how sound waves bounce back from the user’s finger to reconstruct the ridges and valleys of their fingerprint.

It’s not clear if the vulnerability is the fault of the sensor itself or the way Samsung’s devices are configured. The fingerprint reader is made by Qualcomm Inc., which claims the technology is more secure than traditional scanners because the sound-based imaging method creates a detailed model of the user’s finger that is harder to copy.

Samsung didn’t say when the security fix will become available. The company is believed to have shipped 16 million Galaxy S10 units between April and July alone, which means a lot of Android users will be updating their devices in the near future. 

Image: Samsung
