Fingerprint Sensor Flaw Lets Anyone Unlock Samsung's Galaxy S10 Smartphone

[Tsing]

An embarrassing security flaw has been discovered with the Samsung Galaxy S10's "revolutionary" under-screen fingerprint sensor. It turns out that anyone can unlock the smartphone if it's outfitted with certain silicone screen protectors.

The issue lies with the sensors picking up on 3-dimensional patterns within the covers. Samsung plans to release a fix "as early as next week," but in the meantime, it advises users to remove them and "delete all previous fingerprints and newly register their fingerprints."

With the screen on, Lisa set up her right thumb print to access the phone but later used her left, which unlocked it. She found any print unlocked the phone. Lisa, from Castleford, West Yorks, said: “Anyone can access it and could get into the financial apps and transfer funds.”

 

[Uvilla]

Neh, not too embarrassing.. theres a lot of permutations when it comes to these things... But really the computer only knows what it sees, so the protector is acting as if a finger print... I imagine they will try to calibrate it... Or have the reader do a blank calibration prior reading as to compensate for the protector... Problem with that is, once the protector is off, or changed, then what? Might not read it...

 

[Zarathustra]

Did they not test these things at all prior to launch?

 

[AntiQuark]

This could be a general flaw in fingerprint recognition.
If a stick on filter layer invisible to the eye and feel were fitted over the whole screen it would render all old fingerprints invalid, needing them to be set up again.
ie the filter has a fingerprint embedded already.
Which then leaves the phone open to anyone.
Quite a simple attack vector for anyone who has access to a phone they want to inspect.