Following confirmed accounts that the Galaxy S10's fingerprint sensor can be defeated with a cheap screen protector, Samsung says it has issued a software patch to resolve the issue.
Samsung says that it has issued a software update to resolve problems with the fingerprint scanner on both the Galaxy S10 and Note 10. It's recommending that users update their phones to the latest software version.
Previously, users had discovered that the fingerprint scanner could be bypassed entirely if a cheap screen protector was fitted to a phone.
According to Reuters, Samsung says that the issue was to do with patterns from the protectors being recognized alongside the legitimate fingerprints. While Samsung has not explained how this could result in phones being unlocked, AppleInsider consulted with the Department of Defense.
The exact mechanism of failure is not yet known. However, it didn't even require a finger to fool the fingerprint sensor — any similarly shaped object functioned as an ersatz digit, and would trigger the unlock through the screen protector.
It took Samsung seven days to issue the patch from the first wide and public reports of the problem. Based on the account originally published, it appears the company knew about the flaw for about a week before press got wind of the matter.
It isn't clear how pre-release testing missed the flaw. While Samsung hasn't commented on that in particular, it has issued an apology through its phone app.
"Samsung Electronics takes the security of products very seriously and will make sure to strengthen security through continuing improvement and updates to enhance biometric authentication functions," the company said on the app.
Since the failure, multiple banks and other apps relying on the authentication have removed support for the feature.
22 Comments
It's Samsung. Throw something half-baked to users, then buy time to fix it.
I say this when Apple does it, and I'll say it now: going from learning of a hardware defect to releasing a fix in 2 weeks is pretty darn impressive.
Having said that, this defect is more ridiculous than any Apple bug/oversight that I can think of.
My assumption is that this can't be as bad as the article implies. Surely I can't walk up to your Samsung phone, add a screen protector and now I can unlock your fingerprint-protected phone, right? It's gotta be that if you have a certain type of protector on when you enroll your fingerprint any finger thereafter will unlock it. Which means that I can't use this vector to attack any phone that didn't start with a bad screen protector. That seems plausible, right?
Nope - saw a video that showed exactly that in detail. Enrolled a new set of fingers, saw them work, saw wrong fingers not work, put piece of film over reader/screen, wrong finger works.