Skip to main content

Galaxy S10 Screen Protector Lets Anyone Unlock Samsung's Phone

Galaxy S10 Fingerprint sensor
(Image credit: Future)

If you have a Galaxy S10 with a third-party screen protector on it, you might want to reconsider that accessory.

According to one new report, unauthorized users might be able to unlock Galaxy S10 models equipped with a third-party screen protector by fooling the smartphone's ultrasonic in-screen fingerprint sensor.

The security flaw was apparently discovered by one Galaxy S10 owner who used a "gel screen protector" that had been bought on eBay for about $3, reported The Sun in Britain. 

The owner, Lisa Neilson, registered her right thumb to unlock the screen, but said that when the screen protector was on the Galaxy S10's display,  her left thumb could also unlock the device. So could either of her husband Wes's thumbs.

Lisa Neilson said she then put the same case on her sister's Samsung phone and discovered that anyone could unlock her sister's phone too.

The Sun did not independently confirm the fingerprint bypass, but a Samsung spokesperson told the newspaper that an internal investigation had been launched into the issue. 

"We recommend all customers to use Samsung authorized accessories, specifically designed for Samsung products," the spokesperson told The Sun.

In a video posted on The Sun's website, Lisa and Wes Neilson show that the phone has only one fingerprint registered. But both Lisa and Wes could unlock the phone using their thumbs. 

Wes showed that he could also unlock a banking app on Lisa's phone using his own thumb.

"If I just go into NatWest, the fingerprint recognition will be prompted," Wes Neilson said, "and if I try and log into a banking [app], it'll let me into Lisa's banking, where I can transfer funds in a split second and pass the phone back and nobody'd know any different."

The problem appears to relate to the fingerprint sensor's functionality. Chiefly, the ultrasonic fingerprint sensor allows for companies to bundle a fingerprint sensor directly into the screen. 

The problem, however, is that because it's not a physical button and it needs to bounce waves off your finger and back to read it, the sensor doesn't work with standard tempered glass protectors.

In response, accessories makers created liquid-based tempered screen protectors that used a different technology to protect the display but didn't interact with the fingerprint sensor. It did that by effectively making a tighter fit between the screen and the protector itself.

However, the new flaw suggests that even the liquid-based tempered glass protectors could be a problem. And if you go with that option, it could allow anyone to hack your Galaxy S10.

For its part, Samsung hasn't commented publicly on the flaw.