The in-display fingerprint reader of the new Samsung Galaxy S10 appears to have been fooled by a synthetic, 3D-printed fingertip.
Unlike other smartphone fingerprint sensors, the Galaxy S10 uses ultrasonic technology to read the physical contours of a person's fingertip. This, Samsung says, makes for a better biometric authentication system, which is more secure than those used by its rivals.
Although that may still be the case, the system has allegedly been fooled by a 3D-printed synthetic fingertip. A video uploaded to Imgur by a user called 'darkshark' shows how a fingerprint on a wine glass was photographed, processed in Photoshop, then 3D-printed.
When placed onto the display of the Galaxy S10, the phone recognized it as a human finger and unlocked the device.
The anonymous person behind this hack says three attempts were made to create a working print and that, once these issues were ironed out, the process took 13 minutes from taking the photograph to unlocking the phone.
"The 3D print will unlock my phone...in some cases just as well as my actual finger does," the person said, adding that fingerprints are easy to steal because, given the glass construction of phones, they often appear in great quantities on the phone itself.
The person added: "If I steal someone's phone, their fingerprints are already on it. I can do this entire [photographing] process in less than three minutes and remotely start the 3D print so that it's done by the time I get to it. Most banking apps only require fingerprint authentication so I could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone."
GearBrain has contacted Samsung for a comment and will update this article when we get a reply.
Although the consequences are of course serious (this process gives access to a locked smartphone, including the owner's bank account), it is unlikely that regular consumers have much to worry about. The effort of photographing a print, then creating the finger and accessing the phone, all on the off-chance there is data worth stealing, is too much for most criminals.
But if the target is a high-profile person, who may carry sensitive or valuable information on their Galaxy S10, it's a different story. This leads to the potential for state-sponsored attempts to create a fingertip, steal the target's phone, and access the data within.
This news comes soon after it was revealed the Galaxy S10's facial recognition system — which only uses the front-facing camera — can be fooled by showing it a photo of the owner, either on paper or on the display of another phone.
These unlocking attempts come 18 months after Apple's Face ID system was compromised. In that instance, a Vietnamese cybersecurity firm produced a 3D-printed mask for $150, which was able to dupe an iPhone X into thinking it was looking at its registered owner.
Of course, such an elaborate hack is unlikely to cause sleepless nights for many iPhone X owners, but the firm said it believes there are certain users who should be worried about their findings. "Country leaders, leaders of major corporations...are the ones that need to know about the issue, because their devices are worth illegal unlock attempts."