Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Samsung issues patch for Galaxy S10 fingerprint sensor problem

Following confirmed accounts that the Galaxy S10's fingerprint sensor can be defeated with a cheap screen protector, Samsung says it has issued a software patch to resolve it.

Samsung says that it has issued a software update to resolve problems with the fingerprint scanner on both the Galaxy S10 and Note 10. It's recommending that users update their phones to the latest software version.

Previously, users had discovered that the security fingerprint scanner could be entirely bypassed if a cheap screen protector was fitted to a phone.

According to Reuters, Samsung says that the issue was to do with patterns from the protectors being recognized alongside the legitimate fingerprints. While Samsung has not explained how this could result in phones being unlocked, AppleInsider consulted with the Department of Defense.

The exact mechanism of failure is not yet known. However, it didn't even require a finger to fool the fingerprint sensor — any similarly shaped object functioned as an ersatz digit, and would trigger the unlock through the screen protector.

It took Samsung seven days to issue the patch from the first wide and public reports of the problem. Based on the account originally published, it appears the company knew about the flaw for about a week before press got wind of the matter.

It isn't clear how pre-release testing missed the flaw. While Samsung hasn't commented on that in particular, it has issued an apology over its phone app.

"Samsung Electronics takes the security of products very seriously and will make sure to strengthen security through continuing improvement and updates to enhance biometric authentication functions," the company said on the app.

Since the failure, multiple banks and other apps relying on the authentication have removed support for the feature.



22 Comments

wood1208 10 Years · 2938 comments

It's Samsung. Throw something half backed to users than buy time to fix it.

ArloTimetraveler 5 Years · 110 comments

wood1208 said:
It's Samsung. Throw something half backed to users than buy time to fix it.

Yes, I think it is this

randominternetperson 8 Years · 3101 comments

I say this when Apple does it, and I'll say it now:  going from learning of a hardware defect to releasing a fix in 2 weeks is pretty darn impressive.  

Having said that, this defect is more ridiculous that any Apple bug/oversight than I can think of.

My assumption is that this can't be as bad as the article implies.  Surely I can't walk up to your Samsung phone, add a screen protector and now I can unlock your fingerprint-protected phone, right?  It's gotta be that if you have a certain type of protector on when you enroll your fingerprint any finger thereafter will unlock it.  Which means that I can't use this vector to attack any phone that didn't start with a bad screen protector.  That seems plausible, right?  

bsimpsen 14 Years · 401 comments

I say this when Apple does it, and I'll say it now:  going from learning of a hardware defect to releasing a fix in 2 weeks is pretty darn impressive.  

Having said that, this defect is more ridiculous that any Apple bug/oversight than I can think of.

My assumption is that this can't be as bad as the article implies.  Surely I can't walk up to your Samsung phone, add a screen protector and now I can unlock your fingerprint-protected phone, right?  It's gotta be that if you have a certain type of protector on when you enroll your fingerprint any finger thereafter will unlock it.  Which means that I can't use this vector to attack any phone that didn't start with a bad screen protector.  That seems plausible, right?  

Yes, that seems plausible. If that's the issue, Samsung's problem was in not requiring some minimum quality level for enrollment of a fingerprint. That's not a hardware defect, that's a rookie level error in important security software. In the past, Apple has fixed software security problems in well under two weeks from discovery. I am not impressed by Samsung in this instance.

netmage 14 Years · 314 comments

Nope - saw a video that showed exactly that in detail. Enrolled a new set of fingers, saw them work, saw wrong fingers not work, put piece of film over reader/screen, wrong finger works.