The ultrasonic fingerprint scanner feature in the Samsung Galaxy S10 can be duped into unlocking the device with the help of a 3D printed fingerprint stolen from its owner as shown by Reddit user darkshark9.
According to Samsung's description, to use the in-screen fingerprint scanner one only has to "Simply touch the glass to unlock. We've moved security from the back of the phone to the front, fusing the Ultrasonic Fingerprint directly into the screen."
In addition, Samsung says in a support document designed to explain how to set up and use the in-display fingerprint scanner on the Galaxy S10:
That’s why fingerprint security on Galaxy phones is so safe and secure, and the Galaxy S10 series has improved recognition to unlock your phone even faster than before.
Samsung also says when describing the In-Display Fingerprint ID that "Leveraging unique biometric identifiers to authenticate users provides a high level of protection for sensitive data, while mobile users enjoy a convenient unlock and sign-in experience. It’s — literally — security at your fingertips."
Unfortunately, while "security" is mentioned on Galaxy S10's main website, the feature's description, and on the support website, Reddit user darkshark9 proved that the new sensor is not as secure as the Korean company touts it to be.
He managed to unlock his Samsung Galaxy S10 using his 3D printed fingerprint picked up from a photo of a wine glass taken using the smartphone. However, as darkshark9 explains, this can be done using a DSLR camera to steal one's fingerprint from across the room or even from a lot farther away with the help of a telephoto lens.
He goes on detailing the fingerprint 3D printing process in detail:
I then pulled the image into Photoshop and increased the contrast, and created an alpha mask.
I exported that over to 3ds Max and created a geometry displacement from the Photoshop image which gave me a raised 3d model of every last detail of the fingerprint.
I popped that model into the 3D printing software and began to print it. This was printed using an AnyCubic Photon LCD resin printer, which is accurate down to about 10 microns (in Z height, 45 microns in x/y), which is more than enough detail to capture all of the ridges in a fingerprint.
Printed perfectly. Print time was only around 13 minutes.This goes to show that, while using a smartphone's face unlock or fingerprint scanner could make unlocking the device a lot faster, using a pin or a password to protect the sensitive information on one's phone (from personal photos to banking info) is the only way to go.
darkshark9 also said that, while it took him three tries until he got the perfect 3D printed fingerprint, once that was available it allowed him to unlock his phone just as well as his actual finger.
Face unlock also shown to be insecure
As shown last month, Samsung Galaxy S10's face recognition-based screen lock feature can also very easily be fooled as proven by multiple reports coming from customers, experts, and tech reviewers.
During January, the Dutch Consumentenbond not-for-profit organization was able to show after testing 110 smartphone models from multiple vendors that in the case of 42 of them the face unlock feature can quickly be circumvented using a high-quality portrait photo of the owner.
While Dutch Consumentenbond's report was not that the first to have surfaced about facial recognition used by smartphones and personal computers being easily bypassed with a simple photo, it was definitely the most comprehensive series of tests yet.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now