Samsung Galaxy 10 and Note 10 series have a serious security issue with the ultrasonic fingerprint scanner, which was revealed recently. A user who registered a fingerprint after the phone was covered with a screen protector can unlock this phone with other fingers that didn’t register. Samsung officially said this security flaw was the malfunctioning fingerprint recognition and a patch would be issued as soon as possible to fix it.
Samsung’s malfunctioning fingerprint recognition
This was first discovered by a British couple on October 13. The wife applied a screen protector to her Samsung Galaxy S10 and scanned her right thumbprint. Then, she found that her left thumb, which hasn’t registered, could unlock her S10. So did her husband’s thumbs. However, the fingerprint is used to unlock a phone as well as to pay, which will raise a lot of concerns. Your smartphone security is essential to your personal information and financial security. Because various payment services, including Samsung Pay, allow users to verify a payment with their fingerprints. This means that anyone can access your mobile banking apps on Samsung smartphones, which poses a big threat to the financial security of users.
As a result, many relevant service providers took action to avoid being affected by this security flaw. For example, the Bank of China announced on Oct. 19 that it would disable the fingerprint login function for its mobile banking app on Samsung. Natwest and Nationwide Building Society, two British Banks, even removed their mobile banking apps directly from Samsung Galaxy S10. Another Israeli netizen said they were not allowed to log in to the mobile banking apps with a fingerprint.
How did Samsung respond to this issue?
Samsung Electronics immediately recognized the seriousness of this case and issued an official statement the day after the discovery, admitting that there was a malfunction with the fingerprint recognition program on Samsung Galaxy S10 and Note 10 series. It claimed that it was a malfunction that can be fixed with a patch. Relevant fixes will be released as soon as possible. In addition, users could adopt a temporary solution before the patch was released by keeping away from a screen cover and deleting fingerprints scanned with a screen cover.
On October 24, Samsung Electronics announced that it had released a software update to fix the fingerprint identification vulnerability of Samsung Galaxy S10 and Galaxy Note 10 series of mobile phones. Samsung also apologized to users on “Samsung Members” and reminded them to update their biometric authentication to the latest version of the software as soon as possible. Samsung said it unlocks the device when the ultrasonic fingerprint sensor treats the 3D pattern on a specific silicone screen protector as the user’s fingerprint. Samsung advised users to remove the protective film, remove all previous fingerprints and re-register.
This ultrasonic fingerprint scanner used to be the pride of Qualcomm. It can not only identify the user’s fingerprint texture through water, grease and other things but also detect human blood, which means that fake phones and artificial skin are impossible to fool the ultrasonic fingerprint scanner. Samsung touted it at the launch as a revolution in biometric authentication.
Why was there a security issue with Samsung’s ultrasonic fingerprint scanner?
Some netizens think it is because the British user registered her fingerprint when using a fully covered silicone case (that is to say, the phone also has a transparent silicone case on the screen). Actually, it is the texture of the silicone case that is scanned, but not her fingerprint. Samsung used Qualcomm’s third generation of the 3D ultrasonic fingerprint sensor, which identifies fingerprints via ultrasonic. So, the phone may scan the texture of the silicone case when the user registers a fingerprint over the silicone cover. They believe that the ultrasonic fingerprint scanner from Samsung and Qualcomm is still the most advanced technology in the industry.
Some netizens also have concerns about the security of this technology. They hold the view that it is the ultrasonic fingerprint scanner itself not safe enough.
Later, a netizen said that the Samsung phone could be unlocked with the unregistered fingerprint only over a TPU film even if the fingerprint was scanned without a screen cover. If so, it would be more complex.
What do you think? Except for such security issues, your privacy is also vulnerable to hackers while you surfing the Internet. You’d better install a VPN on your phone to stay safe and private online.