Samsung’s Galaxy S10 is one of the best Android smartphones in the market right now. It’s jam-packed with cutting-edge technologies, and consumers expect nothing but the best from the device. The Galaxy S10 comes with two different biometric methods for authentication and security – an ultrasonic in-display fingerprint sensor and a facial recognition technology. Unfortunately, both the Galaxy S10 unlocking methods are vulnerable to hacking.
A fake fingerprint can fool the Galaxy S10 ultrasonic fingerprint sensor
Biometric technologies have become a norm on smartphones in the last few years. They are fast, convenient, and offer decent-to-good security. But people with a little bit of time and resources can bypass such measures to access your phone. Imgur user Darkshark has shared that they managed to fool the Galaxy S10’s in-display fingerprint sensor using a 3D print of their fingerprint.
Darkshark said in a post on Imgur that he took a photo of his fingerprint on a wine glass and then used Photoshop to create an alpha mask of it. He then exported the alpha mask to 3DS Max software to create a detailed 3D version of the fingerprint. Darkshark printed out the model using his AnyCubic Photon LCD resin 3D printer.
It took him three attempts with some tweaks to build the right model and 13 minutes to print out the 3D model. The 3D printed fingerprint was able to unlock the Galaxy S10 every time without any issue. That’s quite surprising because the Galaxy S10 comes with an advanced ultrasonic fingerprint sensor that has more layers of security than the optical fingerprint sensors.
Darkshark said all he needed to fool the Galaxy S10 unlocking method was “a photograph, some software, and access to a 3D printer.” Stolen phones already have the fingerprint of their users all over, which can be used to create a 3D model within minutes. Darkshark claims he can also remotely start the 3D printing.
The ultrasonic fingerprint sensor is the primary unlocking method on the Galaxy S10, S10E, and S10 Plus. Most smartphone vendors use capacitive fingerprint sensors on the back panel, in the home button, or on the side of the phone. It senses the contact patch your finger makes when you place it on the sensor to unlock.
Then there is the optical in-display fingerprint sensor that is not highly secure. Devices like OnePlus 6T use the optical in-display fingerprint sensor that merely takes a 2D photo of your finger.
The Galaxy S10 features a more secure ultrasonic in-display fingerprint sensor that uses high-frequency ultrasonic waves to determine the shape of your fingerprint in 3D. Darkshark was able to fool it because the 3D model he created was nearly identical to his actual fingerprint. Last month, the Korean company promised to provide software updates to the Galaxy S10 ultrasonic fingerprint sensor to fix reliability issues and enhance the user experience.
Unlocking Galaxy S10 with your face is even less secure
The Internet is flooded with videos and reports of people fooling the phone’s facial recognition technology using a photo or video. Samsung has made it clear that the face unlock technology is there only for convenience. According to the company, people concerned about privacy should use the ultrasonic fingerprint sensor.
The Galaxy S10 and S10E use a single front camera that reads only 2D data. It makes it easy for hackers or even your friends and family members to use your photo to unlock your Galaxy S10. The larger Galaxy S10 Plus has dual cameras on the front, which makes it a bit more difficult to fool. But even the S10 Plus can be tricked, as a security researcher demonstrated recently.
Security researcher Jane Manchun was able to unlock her brother’s Galaxy S10 Plus using facial recognition. It’s unclear how she managed to do it, but there is a possibility the software couldn’t tell between faces with genetic similarities.
Apparently S10+ thinks we look the same
But we don't…? pic.twitter.com/COAS9QJodK
— Jane Manchun Wong (@wongmjane) March 9, 2019
Biometric methods aren’t entirely secure, but the ultrasonic fingerprint sensor on the Galaxy S10 series is good enough for most casual users. Not everyone who wants to access your phone has the tools and technical skills to create a 3D print of your fingerprint. High-profile individuals such as politicians, business people, and law enforcement officials need to be more careful.
Apple’s Face ID and Touch ID sensors are considered pretty secure but even they are not foolproof. The iPhone maker claims there is 1 in a million chance someone could fool your Face ID, and 1 in 50,000 probability for Touch ID.
However, Face ID has been fooled not only by identical twins but also by office colleagues. Security agencies also offer tools to crack Face ID and Touch ID, if you pay them enough cash. Apple claims the Face ID technology learns from its mistakes over time, when it fails and the user is asked to enter the passcode.