
3D-Printed Fingerprint Fools Galaxy S10 Fingerprint Sensor


One of the best features of the Samsung Galaxy S10 is the under-display ultrasonic fingerprint sensor made by Qualcomm. The Korean firms claim the Galaxy S10’s fingerprint scanner is more secure and accurate than other similar technologies on the market. However, one user proved this wrong.

How the Galaxy S10 ultrasonic fingerprint scanner was fooled

Imgur user darkshark was able to fool the Galaxy S10 ultrasonic fingerprint scanner using a 3D-printed fingerprint, according to tech site PiunikaWeb. The user described the full process of how he was able to trick the fingerprint scanner on Imgur in a post entitled “I attempted to fool the new Samsung Galaxy S10’s ultrasonic fingerprint scanner by using 3d printing. I succeeded.”

All the user needed was a 3D printer. According to darkshark, he took a photograph of his fingerprint on a wine glass using his smartphone. Highlighting privacy concerns, he noted that one can easily take a fingerprint image from across a room or even further away using a long focal length DSLR camera.


The user then edited the image in Photoshop and created an “alpha mask.”

“I exported that over to 3ds Max and created a geometry displacement from the Photoshop image which gave me a raised 3d model of every last detail of the fingerprint,” the Imgur user said.

Next, he used 3D printing software to print it. He said he used an “AnyCubic Photon LCD resin printer, which is accurate down to about 10 microns (in Z height, 45 microns in x/y),” to capture all the fingerprint’s details.

Darkshark noted that it took him three reprints to get the perfect print, which in some cases unlocks the phone as well as “my actual finger does.”

Were Samsung and Qualcomm lying?

So far we have mostly seen such efforts in spy movies, but we now know that it can happen in real life as well. This raises some serious questions about the safety and privacy of users, which darkshark also believes need to be addressed.

“There’s nothing stopping me from stealing your fingerprints without you ever knowing, then printing gloves with your fingerprints built into them and going and committing a crime,” the user said.

It must be noted that both Qualcomm and Samsung promoted the Galaxy S10 ultrasonic fingerprint scanner as the next level of security. Qualcomm noted that its fingerprint sensor emits sound waves which are reflected from the ridges of the finger to create a detailed “three-dimensional reproduction of the scanned fingerprint.”

Further, the chip maker noted that the ultrasonic 3D sensor is better than traditional two-dimensional and optical sensors. Qualcomm even bragged that the sensor detects blood flow within the user’s finger to prevent hackers from fooling the “device with a photo or a mold.” However, darkshark’s experiment proved nothing like this is happening.

“Based on our research, with the lowest failure-to-acquire rate compared to commercial fingerprint solutions in the mobile industry, ultrasonic fingerprint sensors have become the gold standard when it comes to safeguarding user information,” Qualcomm said earlier, referring to its “virtually error proof” 3D Sonic Sensor.

It will be interesting to see what Qualcomm has to say now. Samsung will also have some explaining to do because it suggested that users opt for the fingerprint scanner for better security and accuracy than face unlock.

Samsung came up with this suggestion following several hacking incidents involving the Galaxy S10’s face unlock feature, including one in which the phone’s face unlock identified the owner’s sister as the real owner.

Not the first time

This is not the first time such experiments have been conducted. Something similar happened a few years ago when Michigan State University researchers helped agencies clone a Michigan murder victim’s fingerprint to unlock his phone. The phone unlocked at the time was the Samsung Galaxy S6. The Korean firm defended the security of its device then by saying that “special equipment, supplies” and, above all, the owner’s phone are needed to clone a person’s fingerprint.

A similar thing has happened with Apple devices as well. For instance, in 2013, the Chaos Computer Club (CCC) was able to fool the iPhone 5S’ Touch ID using a method added to the CCC website in 2004. The method involved the use of a laser printer and latex milk or white wood glue.