Samsung Galaxy S10's ultrasonic biometric authentication is not foolproof
Samsung's Galaxy S10 flagships, by far the best phones of 2019, may not be the most secure devices. Recently, YouTuber Lewis Hilsenteger (Unbox Therapy) revealed how S10's face unlock security can be easily defeated by 2D pictures and videos. And now, an Imgur user has bypassed the phone's ultrasonic in-display fingerprint sensor using just 3D-printed casts. Here's more on S10's security concerns.
Firstly, let's understand the different security features of Galaxy S10/S10+
Alongside the standard PIN/Passcode unlocking, S10 flagships support face unlock and fingerprint scanning. The camera-based face unlock feature uses a 2D image of the face to unlock your phone. Therefore, it is simple to fool it. Then, there's the ultrasonic in-display fingerprint sensor which uses sound waves to create a 3D map of your prints and hence, it is considered to be more secure.
Turns out, the ultrasonic fingerprint sensor is not infallible
Imgur user darkshark's hack suggests the ultrasonic fingerprint sensor on S10/S10+ is not infallible. He started by taking a photograph of his fingerprint with a smartphone and then used software to gather its depth information. Now, he used this depth data to 3D print a model of his fingerprint impression on a transparent strip. Notably, the 3D-printed strip easily unlocked his Galaxy S10+.
User raises concerns around smartphone security
In his post, darkshark notes that if someone steals your phone, the fingerprints will already be present on it. Moreover, he notes that "he can do this entire process (aforementioned process) in less than 3 minutes and remotely 3D print a fingerprint impression." He adds that given most banking apps accept fingerprint authentication, one can lose all their money in minutes.
Should you stop using in-screen fingerprint sensors?
No, you should not stop using the in-screen fingerprint sensor - whether ultrasonic or optical. We know all kinds of biometric scanners have been hacked and there is always going to be a trade-off between convenience and security. However, these biometric systems are secure enough for regular stuff and free from the hassle of remembering and entering complicated passwords.
