The Samsung Galaxy S10 fingerprint sensor bypass method that could put you at risk
Samsung has confirmed it will be rolling out a software patch to fix a fatal fingerprint authentication flaw in the Galaxy S10. The flagship device was launched by Samsung in March and positioned as offering a “revolutionary new bio-metric authentication feature”.
The fingerprint authentication was designed to send ultrasounds to detect 3D ridges of fingerprints, in order to securely detect the user. Recently, however, the feature has been discovered to be compromised by third-party screen protectors. The discovery was made by Lisa Neilson, who found her device could be unlocked regardless of the registered bio-metric data when fitted with a third-party screen protector.
According to Samsung’s customer support app, the patterns of some third-party screen protectors can be recognised by the Galaxy S10 ultrasonic fingerprint scanner.
This means a security breach can occur when patterns of some protectors, that come with silicone phone cases, are recognised along with fingerprints. Consequently, anyone could access financial apps featuring fingerprint authentication and transfer funds.
In light of the discovery, Samsung has recommended all customers use Samsung authorised accessories while the software update is underway.
Banking apps implement counter measures
In the meantime, NatWest and RBS have removed their banking apps from the Play Store for Galaxy S10 owners.
Nationwide Building Society has disabled the fingerprint log-in option from inside the app.
It remains unclear whether other banking apps, such as PayPal and chase, will implement such countermeasures.
Devices that are vulnerable to this fingerprint sensor bypass method include the; Galaxy S10, S10+, Galaxy Note 10, Note 10+ and S10 5G models.
The latest malfunction, combined with reports that the Galaxy Fold was breaking, bulging and ‘blinking’ during the initial launch earlier this year; not to mention an explosive suspension of the Galaxy Note 7 in 2016, perhaps represents another grim consequence of a hasty and excessively ambitious hardware development cycle.
It’s uncertain whether the latest malfunction will drive away loyal Samsung users, but remains clear that Samsung will need to re-think the balance between speed and long-term safety.