Samsung Admits Major Security Flaw in Galaxy S10 Under-Screen Fingerprint Sensor

[slippery-pete]

Imagine if Apple did this....

 

[xizdun]

So MacRumors is featuring an image of the devices wrapped in Speck cases for this article.

Is this the latest monetization ploy with subliminal advertising at MacRumors or is the article author (Tim Hardwick) that visually oblivious?

 

[Plutonius]

It was revolutionary but it doesn't work.

At least there is no danger of fire .

 

[jonnyb098]

Apple is doomed, people. Always remember, never forget. APPLE. IS. DOOMED. 🤣

 

[urnotl33t]

Apple takes a bit of heat sometimes for being slow to market with certain innovations (Face ID, in-screen Touch ID someday I hope) but sometimes slower is better. Apple can come to the party late because when they do, they bring the good beer—not the cheap beer that the early arrivals bring.

Now I do recall that Touch ID could be fooled with a somewhat involved set of steps to a fake fingerprint out of some common polymer, but that’s a pretty concentrated attempt to fake out the Touch ID. In my opinion, you really aren’t fooling Touch ID, but are making a good fake fingerprint.

If/when Apple brings in-screen Touch ID to the party, I bet it won’t have these types of flaws.

"Some of the heat" ?? Like being issued subpoenas and requests from the chairman of the Senate Judiciary subcommittee for their TouchID on the iPhone 5S? Then later for FaceID? (Yes, it was political grandstanding and total crap, but it still happened)

Do you think Samsung is going to be called into hearing for this? They are a *foreign* company as well. You'd think they'd be held to greater inspection. But nope, it's the domestic company that got called out publicly for a Nothing Event. Nope, they'll get away with it, "water under the bridge", no one outside of us tech types will ever hear of this after lunchtime today. (and yes, i remember it was Al Franken and that dude was just making waves... which he rode out until he had to leave after other allegations against him, so yeah he may have gotten what he deserved)

 

[Glideslope]

I find that anything Samsung does appliance-wise, LG does better. I went with the LG TV but they're really close.

We just replaced our old SHARP LCD TV (display fried) with an LG 65SM9000PUA. Absolutely the best image quality for the price point IMO. The Samsung we were looking at seemed cheap by comparison.

 

[Nebulance]

But why would it unlock the phone, if the screen protector interferes with the sensor? That's just stupid.

Certainly agreed; perhaps their algorithms to match the incoming fingerprint to the one that's saved as the "passcode" aren't as stringent as they need to be? That is, if the two fingerprints are "close enough", it unlocks?

 

[realtuner]

Genuinely interested in some sources for how people have spoofed Face ID. I know twins can (Apple has said so). But glasses and masks? I know about the very time consuming mask with weird cutouts and after many many failures they managed to bypass Face ID. I also think they had to disable attention awareness for it to work as well.
But I agree with you, biometric security is a convenience. Not as secure as a strong alphanumerical password. But Face ID is very good compared to many other systems.

The Bkav group with the mask are scammers. They refused to answer questions about how they did their test. Ars has a good article in them.

Forbes did a test using a 3D scanner to make a model of a users face to construct a mask, but it couldn’t fool the iPhone (they fooled several Android phones, though).

The videos with twins or family members are also scams.

Here’s how you perform the scam:

After initially training FaceID, you let the other person (or the mask) try to unlock. When it fails, enter your PIN. FaceID assumes it’s the same person since you entered your PIN. It then “merges” facial data from both people (or the person and the mask). Then you can unlock with both.


This is why NOBODY has ever posted a complete end-to-end video of this “hack” because they don’t want you to see how they do it. It’s also why they do this during the initial “learning” phase for FaceID (and previously TouchID) and not on a device a person has used for some time. This is because Apple states that your face (or fingerprint) is refined as you use it increasing security. The last part is important. How could security get better the more you use FaceID (TouchID)? Because the initial enrollment gets “most” of your biometric data while subsequent use allows the collection of additional data to refine their model of your face (finger).

In other words, an iPhone is least secure (easiest to fool) immediately after you enroll, and much harder to fool after you’ve used your device some a period of time.

 

[MacLawyer]

Jumping Jimminy! And then Samsung mocks Apple and their users.

 

[iOS Geek]

Ouch...that is a BIG "oops"...

 

[Jim Lahey]

I think this is probably being blown out of proportion.

It runs Android. Someone somewhere probably has remote access to all your data anyway 🤡

 

[deckard666]

wow, major f-up. Almost like when relatives who resemble you can unlock iPhones with face-ID, or when taped-up glasses unlock face-ID, or when masks unlock face-ID etc. etc. The morale of the whole debacle: phones are NOT SECURE. They're not a safe place to keep your personal crap. Face-ID seems to be slightly more secure than Samsung's crappy (it's crappy without the security info already) in-screen fingerprint solution, but let's not kid ourselves here: none of that alleged super-secure login crap is super-secure, no matter the manufacturer.

While I can't personally confirm the Note 10 problem (tried with 3 different silicone cases), it's shameful that a company like Samsung manages to f-up that badly. Time to re-introduce their iris-scanning tech, which was slow but secure.

Funny that as my twin brother can't unlock my iPhone X - we tried the first day I got it...he can probably unlock a Samsung though...

 

[BWhaler]

Oh Samsung. The only thing they are good at is copying Apple.

 

[redmac]

Hey, I can’t identify you, so let me unlock just in case you are the owner.

 

[kybldmstr]

Previous reports have suggested that certain screen protectors are "incompatible" with Samsung's fingerprint sensor because they leave a small air gap that can interfere with the scanning.

"incompatible" should mean that no fingerprint will work, not that ALL of them will work!

 

[MisterSavage]

"Why doesn't Apple just put the fingerprint sensor under the screen, like Samsung?"
"Why doesn't the iPhone 11 ship with 5G?"
"What's Apple's answer to foldable phones?"

Gee, it's almost as though the technology isn't mature.

Also: "Other phone can do Face ID without a notch. Why is Apple so lazy?"

 

[whoknows2597]

This is how you run a business into the ground. We have the battery issue that required the recall, the botched Fold release, and now this.

Thing is, with Samsung, they get off easy and the world moves on. If it was Apple, people would start screaming on rooftops that Apple is doomed and then start demanding Tim Cook’s head!!!!!! /s. Seriously though, when it comes to Apple and their mishaps, they get blown out of proportion while other companies are ignored and praised for their “recalls.”

 

[iOS Geek]

American ER/Trauma nurse here. Never once had this presentation.

I'll have to take a walk down to the ER while I'm at work this afternoon and ask them this question as well. I guarantee they haven't seen this issue either. If they did...word would travel fast. Especially since the majority of our employees have an iPhone. 😂

 

[theorist9]

I hope she got a bounty from Samsung for finding that flaw

 

[nvmls]

Lol Samsung, stick to hardware, software is not your thing.

 

[alphaod]

Couple other phones I used with in-screen sensor would reject you if it didn't recognize... Samsung chooses to accept? That's bad.

 

[iamPro]

Can't wait for this thread to become yet another echo chamber full with people who prefer Touch ID to Face ID because having to put your finger in a certain place on the phone is somehow more convenient than having to do nothing.

Yeah Face ID has its benefits, but you’re in denial if you think touchID doesn’t have it’s benefits as well.

And it’s not like you do nothing for Face ID. You do have to lift it up at a certain angle and distance, which is relatively inconvenient in at least a handful of cases compared to Touch ID

 

[WWPD]

Face ID will always be more secure because of attention awareness, a fingerprint reader can be unlocked by a sleeping or unconscious person.

 

[haruhiko]

Engineer: Hey boss, this ultrasonic fingerprint sensor always fails to recognise fingerprints.
Boss: Just let it accept everything. Problem solved.

 

[HermanMunster]

For the record, my persistence disdain with FaceID is that I do motorcycle touring to the tune of 12K+ miles a year and had to go back to a 4-digit passcode because while my gloves work with TouchID & the touch screen, my helmet does not work with FaceID so when I need to do anything I used to be able to unlock but now I have to stop and remove my helmet or type in a passcode. this has been going on with me for 3 years and I hate it every time.

You should not be handling a phone while driving anyway.