Back in March, when Samsung launched the Galaxy S10, they described its fingerprint scanner as "revolutionary." The in-screen scanner uses ultrasound to detect the ridges of users' fingers and match it to stored data. Previous versions of in-screen fingerprint scanners tended to use optical scanners, which projected light under the screen and read your fingerprint that way. But it turns out that the only revolutionary thing about the ultrasound sensor is how easy it is to bypass it.
A British couple recently discovered the flaw after a woman fitted her Galaxy S10 with a gel screen protector she found on eBay for £2.70. After registering her thumbprint with the new protector fitted, she discovered that her other thumbprint – which wasn't registered – also unlocked the device. When her husband tried to unlock it, it opened for both his thumbs. The same screen protector caused the same issue when fitted to another S10.
Samsung – for their part – said that users should only use Samsung-authorised screen protectors. They later followed up and said that they were investigating the issue internally. The smartphone giant also said that it would soon issue a software patch. It's possible that this is linked to previous reports that other unofficial screen protectors caused issues with the fingerprint sensor because they left a small air gap, which interfered with the ultrasound.
While it's encouraging that Samsung is working quickly to fix this, the underlying issue is somewhat more worrying. Obviously, ultrasound fingerprint scanning is still a very nascent technology, and it's likely that this issue has been around since day one. With that in mind, it's not difficult to imagine that there are other Day Zero attacks like this that simply haven't come into mainstream knowledge yet.
In the meantime, if you have a Galaxy S10, follow Samsung's advice and only use Samsung-authorised screen protectors. Hopefully, the software patch comes sooner rather than later.
Source 1: The Sun
Source 2: BBC
The post Samsung will fix Galaxy S10 flaw that let anyone bypass fingerprint unlock appeared first on xda-developers.
No comments:
Post a Comment