Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,023
13,644



A major flaw in Samsung's Galaxy S10 smartphone has been discovered that basically means any fingerprint can unlock the device with the help of a cheap screen protector.

samsung-galaxy-s10-lineup-2019.jpg

According to the BBC, a British woman discovered the authentication flaw after she applied a cheap gel screen protector bought off eBay to her Galaxy S10.

She soon discovered that she was able to authenticate as the owner by pressing her left thumbprint against the phone's onscreen fingerprint sensor - the problem being that she hadn't registered her thumb with the device's biometric authenticaton system.

Her suspicions were confirmed when her husband was also able to unlock the phone by pressing either one of his thumbs on the screen's built-in sensor. The screen protector was then applied to another relative's Galaxy S10 and the same thing occurred.

Responding to the incident, Samsung said it was "aware of the case of S10's malfunctioning fingerprint recognition and will soon issue a software patch."

Previous reports have suggested that certain screen protectors are "incompatible" with Samsung's fingerprint sensor because they leave a small air gap that can interfere with the scanning. The sensor relies on ultrasound to detect the microscopic ridges that make every fingerprint unique.

The Galaxy S10 is the latest in Samsung's flagship S series, which is usually regarded as the iPhone's annual rival. The Korean company launched the phone in March and referred to its under-screen fingerprint authentication system as "revolutionary."

(Thanks, Chris!)

Article Link: Samsung Admits Major Security Flaw in Galaxy S10 Under-Screen Fingerprint Sensor
 

thisisnotmyname

macrumors 68020
Oct 22, 2014
2,390
5,024
known but velocity indeterminate
malfunctions with a small air gap, so the default is to accept as successful in these cases?? They'd still be generating minutia and those minutia shouldn't match. This is a pretty ugly bug.

edit to add: there has to be more to this. Did the person enroll while the screen protector was on? I can't imagine having a good set of minutia and then placing a screen protector in place and subsequently having it fail in this manner.
 
Comment

JaySoul

macrumors 68030
Jan 30, 2008
2,627
2,860
Honestly, under screen fingerprint sensors are, like notches, probably just a passing fad.

There wasn't much wrong with a trusty olf capacitive FPS. Needless "innovation".
 
  • Like
Reactions: SDJim and alpi123
Comment

kis

Suspended
Aug 10, 2007
1,702
765
Switzerland
wow, major f-up. Almost like when relatives who resemble you can unlock iPhones with face-ID, or when taped-up glasses unlock face-ID, or when masks unlock face-ID etc. etc. The morale of the whole debacle: phones are NOT SECURE. They're not a safe place to keep your personal crap. Face-ID seems to be slightly more secure than Samsung's crappy (it's crappy without the security info already) in-screen fingerprint solution, but let's not kid ourselves here: none of that alleged super-secure login crap is super-secure, no matter the manufacturer.

While I can't personally confirm the Note 10 problem (tried with 3 different silicone cases), it's shameful that a company like Samsung manages to f-up that badly. Time to re-introduce their iris-scanning tech, which was slow but secure.
 
Comment

Substance90

macrumors 6502
Oct 13, 2011
449
605
That shows how little testing Samsung does. I can understand it failing to unlock with certain screen protectors, but looks like it just unlocks if the fingerprint is not clear.
I doubt it unlocks if the fingerprint is not clear. It's probably something more obscure. Maybe the ridges of the finger get impressed onto the gel screen protector somehow?
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.