Any finger will do? Samsung Galaxy S10 with a screen protector reportedly easy to fool

Note 10 has same ultrasonic tech for 'vault-like security'

Samsung's ultrasonic fingerprint reader may have a critical security flaw
Samsung's ultrasonic fingerprint reader may have a critical security flaw

Samsung is investigating a critical issue with its Galaxy S10 and Note 10 smartphones after reports that it fails to discriminate between different fingerprints if a screen protector is fitted.

The Galaxy S10 features what Samsung calls "a revolutionary new biometric authentication feature... an in-display fingerprint sensor fused into the Infinity-O Display, providing invisible yet vault-like security that keeps your data safe... it sends ultrasonic pulses to detect the 3D ridges and valleys of your unique fingerprint."

This type of scanner is fitted to the Galaxy S10, S10+, and S10 5G. Galaxy S10e features a different design. However, the same type of ultrasonic sensor is fitted to the Note 10.

Samsung's pitch for its revolutionary ultrasonic fingerprint reader

Samsung's pitch for its revolutionary ultrasonic fingerprint reader

It was not technical experts but rather a reader of Brit tabloid The Sun who discovered what appears to be a critical flaw in the technology. Lisa Neilson from Castleford, West Yorkshire, discovered that, having registered her right thumb on the device with a screen protector fitted, "any print unlocked the phone" – including her husband's.

A screen protector is designed to be transparent to the eye, but not to an ultrasonic pulse. Possible reasons for the flaw are either that the sensor sees the protector as well as the finger, to the extent that the protector plus another finger is detected as similar, or that it too much distorts the ultrasonic image.

Initially the firm recommended that customers should use "Samsung authorised accessories, specifically designed for Samsung products."

Since then, Samsung has said a software patch, due out next week, will fix it, and gave us the following statement: "We are investigating this issue and will be deploying a software patch soon. We encourage any customers with questions or who need support downloading the latest software to contact us directly at 0330 000 0333." ®

Sponsored: Beyond the Data Frontier

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2019