Samsung's Galaxy S10 virtual fingerprint sensor might have a security problem.
According to Darkshark, the user who posted the hack, he started with a fingerprint on a wine glass. He took a picture of it with his phone and processed it in Photoshop to remove the outside areas and leave only the fingerprint. He then imported that fingerprint into 3DS Max to create a 3D model, which he printed with his 3D printer.
Now armed with a 3D-printed fingerprint, he simply placed it over the virtual sensor on the Galaxy S10's screen and got into the handset with no trouble. The video he published to Imgur shows the hack in action. And he even wears gloves in the video to make clear that the fingerprint sensor isn't picking up his actual fingerprint.
The sensor on the Galaxy S10 uses ultrasonic technology to identify a person's fingerprint, compare it to the fingerprint on file, and provide access when there's a match.
Darkshark's hack effectively dupes that system and calls into question just how safe and reliable fingerprint sensors actually are.
In a comment on his post, Darkshark said that he needed to make three fingerprint reprints to get the ridges on the fingerprint right. Once he got that right, he found that the 3D-printed fingerprint could unlock his phone just as well as his actual fingerprint in most cases.
"This brings up a lot of ethics questions and concerns," he said. "There's nothing stopping me from stealing your fingerprints without you ever knowing, then printing gloves with your fingerprints built into them and going and committing a crime."
He said that now that he's figured out the printing process, he could steal someone's fingerprint and get it printed and ready to use within three minutes.
Fingerprint sensors are often a first line of defense for a variety of applications and services. If your fingerprint can be so easily duplicated and used maliciously, it's possible hackers could steal data and other information just by snapping a photo of your fingerprint on a wine glass.
This isn't the first time the Galaxy S10's security was duped. In March, it was discovered that the smartphones' face-scanning camera can be fooled by a photo of the person assigned to it, or even with a face that's remotely similar (such as that of a sibling). The photo trick worked in our testing, but only with Fast Facial Recognition on.
Until Samsung comes up with an official fix for these Galaxy S10 security loopholes, you can turn off features such as fingerprint unlock and Fast Facial Recognition if you want to keep your phone extra safe.