Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Samsung Admits Major Security Flaw in Galaxy S10 Under-Screen Fingerprint Sensor

nikolarai said:
You compare case when any fingerprint can unlock phone like this one with security issue of face ID when somebody has to have access to your phone wile you are sleeping to set up taped-up glasses or acces to your phone to set up face ID wih mask on and then unlock it, it's just incomparable. The siblings is only real issue... It's very misleading..
Click to expand...
Even the sibling thing is unverified and it’s only happened to 6 or 7 people anyway. The working theory is that some of them retrained the Face ID by unlocking their siblings phone with the passcode multiple times first.
[automerge]1571315324[/automerge]
realeric said:
Source code of Samesung fingerprint logic:

Default accept any fingerprints; If it recognizes the fingerprint is not authentic, reject it; If it recognizes the fingerprint is authentic, accept it; If they don’t know if it’s authentic or not, accept it;
Click to expand...
And after this patch it will be “if it looks like there’s a silicon case around the print, reject it” which doesn’t fix the underlying issue.
[automerge]1571315465[/automerge]
kis said:
If you believe that iPhones overall catch less fire and explode less often, think again. Just ask any ER in the country. Also, isn't it MacBook Pros that are banned on airplanes because of massive battery issues?
Click to expand...
If you believe iPhones catch fire less than Note 7’s you’d be absolutely correct.
 
  • Like
Reactions: dysamoria, Ntombi, Ravi_MR and 5 others
kis said:
wow, major f-up. Almost like when relatives who resemble you can unlock iPhones with face-ID, or when taped-up glasses unlock face-ID, or when masks unlock face-ID etc. etc. The morale of the whole debacle: phones are NOT SECURE. They're not a safe place to keep your personal crap. Face-ID seems to be slightly more secure than Samsung's crappy (it's crappy without the security info already) in-screen fingerprint solution, but let's not kid ourselves here: none of that alleged super-secure login crap is super-secure, no matter the manufacturer.

While I can't personally confirm the Note 10 problem (tried with 3 different silicone cases), it's shameful that a company like Samsung manages to f-up that badly. Time to re-introduce their iris-scanning tech, which was slow but secure.
Click to expand...

Genuinely interested in some sources for how people have spoofed Face ID. I know twins can (Apple has said so). But glasses and masks? I know about the very time consuming mask with weird cutouts and after many many failures they managed to bypass Face ID. I also think they had to disable attention awareness for it to work as well.
But I agree with you, biometric security is a convenience. Not as secure as a strong alphanumerical password. But Face ID is very good compared to many other systems.
 
  • Like
Reactions: mech986, SDJim and oneteam
ZEEN0j said:
Genuinely interested in some sources for how people have spoofed Face ID. I know twins can (Apple has said so). But glasses and masks? I know about the very time consuming mask with weird cutouts and after many many failures they managed to bypass Face ID. I also think they had to disable attention awareness for it to work as well.
But I agree with you, biometric security is a convenience. Not as secure as a strong alphanumerical password. But Face ID is very good compared to many other systems.
Click to expand...
Glasses can only bypass attention detection, you still need the actual person’s face.

Siblings are only anecdotal and mostly unconfirmed.

The elaborate 3D mask is the only one with any credibility but it would have locked for too many failed attempts long before anyone got it to work.
 
  • Like
Reactions: SDJim, osx86, kltmom and 1 other person
I think it’s amusing that when a company releases a new feature, they always indicate that they can’t bring it to older devices through a software patch as it requires newer hardware. But when a problem comes out the seems likely related to the hardware they’re like “we’ll just release a patch for that”.
 
  • Like
Reactions: dysamoria, SDJim and Peadogie
kis said:
wow, major f-up. Almost like when relatives who resemble you can unlock iPhones with face-ID, or when taped-up glasses unlock face-ID, or when masks unlock face-ID etc. etc. The morale of the whole debacle: phones are NOT SECURE. They're not a safe place to keep your personal crap. Face-ID seems to be slightly more secure than Samsung's crappy (it's crappy without the security info already) in-screen fingerprint solution, but let's not kid ourselves here: none of that alleged super-secure login crap is super-secure, no matter the manufacturer.

While I can't personally confirm the Note 10 problem (tried with 3 different silicone cases), it's shameful that a company like Samsung manages to f-up that badly. Time to re-introduce their iris-scanning tech, which was slow but secure.
Click to expand...
You’re right it’s ALMOST like spoofing Face ID, but not quite. Because Face ID is still more secure by a large margin than this. Because to spoof Face ID is a very narrow set of circumstances. Nobody is ripping the iPhone from your hand and spoofing Face ID. Contrasted with this as it seems like the Samsung phone can ripped from your hand and the biometric security bypassed easily.
[automerge]1571315935[/automerge]
ersan191 said:
Glasses can only bypass attention detection, you still need the actual person’s face.

Siblings are only anecdotal and mostly unconfirmed.

The elaborate 3D mask is the only one with any credibility but it would have locked for too many failed attempts long before anyone got it to work.
Click to expand...
This finger print spoof doesn’t require an elaborate setup. Big difference.
 
  • Like
Reactions: Ntombi, PickUrPoison, MisterSavage and 2 others
kis said:
If you believe that iPhones overall catch less fire and explode less often, think again. Just ask any ER in the country. Also, isn't it MacBook Pros that are banned on airplanes because of massive battery issues?
Click to expand...
Samsung just managed to produce a phone where the rate of battery failures was high enough that they 'had to' completely withdraw the product. iPhones never had such a high battery failure rate (percentage of phones affected within one month of purchase or mean time to failure).
 
  • Haha
  • Like
Reactions: dysamoria and kltmom
rmoliv said:
How can people purchase highly priced Samsung smartphones after all these major issues and still mock Apple is beyond me. I mean, the Galaxy fold, now this. I can only laugh.
Click to expand...
I appreciate Samsung trying things, but I feel like they rely too heavily on their users to be Beta testers.

Apple has periodically given Beta first looks at features (Siri, Portrait Mode), but you really can't justify mass producing a device with a security flaw this bad.
[automerge]1571316933[/automerge]
kazmac said:
That is a major security flaw. A shame as I was considering an s10e.

I hope they fix it.

Not going to even think about starting another Apple v. Samsung post, because Apple has bern dropping the ball a lot lately.
Click to expand...
Yeah, but so far not in major security features like FaceID, TouchID
 
  • Like
Reactions: dysamoria and mech986
guitarpanda said:
Can't wait for this thread to become yet another echo chamber full with people who prefer Touch ID to Face ID because having to put your finger in a certain place on the phone is somehow more convenient than having to do nothing.
Click to expand...
Oh but they can have the phone unlocked before it comes out of their pocket. Don’t you know how important that is? 😜
 
Really? I mean after the Samsung Fold with no QA...now this? even with the normal smartphones, samsung has no QA for anything?
 
  • Like
Reactions: dysamoria
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back