Samsung has issued a software patch for its Galaxy S10 smartphone to fix a flaw in the under-screen fingerprint sensor that allowed anyone to unlock the device with the help of a cheap screen protector (via Reuters).
/article-new/2019/01/samsung-galaxy-s10-lineup-2019.jpg?lossy)
The problem was brought to light last week, when a British user who applied a gel screen protector to her Galaxy S10 subsequently discovered that unregistered fingerprints could be used to unlock the device.
Samsung later admitted the issue can happen when patterns appearing on certain protectors that come with silicon cases are recognized along with fingerprints.
On Wednesday, Samsung issued an apology via its customer support app Samsung Members and told Galaxy phone owners to update their biometric authentication to the latest software version.
"Samsung Electronics takes the security of products very seriously and will make sure to strengthen security through continuing improvement and updates to enhance biometric authentication functions," the company said via the support app.
The Galaxy S10 is the latest in Samsung's flagship S series, which is updated each year and regarded as the iPhone's main rival, but the fingerprint recognition problem in its latest smartphone has already caused reputational damage, with some banks pulling their apps from the Play store in response to the security flaw.
Good morning Robert, We've removed the app from the Play Store for customers with Samsung S10 devices. This is due to reports that there are security concerns regarding these devices. We hope to have our app available again shortly once the issue has been resolved. SY — NatWest (@NatWest_Help) October 20, 2019
Samsung originally aimed to bring an under-display fingerprint sensor to its smartphone line-up in 2018, but canceled the feature at the last minute due to similar technical issues surrounding the use of screen protectors.
In March, the Korean company launched the S10 with much fanfare and promoted its first commercial under-screen fingerprint recognition solution as "revolutionary" at the time.
Top Rated Comments
Yes, they’ve issued a patch and maybe this really does fix things. But to get something so critical so wrong makes me skeptical. Press releases aside, that doesn’t demonstrate they take security very seriously.
We’ll see what third party testing demonstrates, but for now, I’d be cautious
You forget two things:Can you imagine if an iPhone had this flaw? People here would be demanding Tim’s head on a platter, news sites would be reporting non-stop on the “biggest security flaw in the past decade”, and there would be droves of people vowing to boycott Apple until Steve was resurrected from the dead.
1: Class Action
2: Letters to Apple demanding an explanation from some random Senators/Congress Person/Oversight committee who have no idea about technology but want to make a splash in the news.
Your missing the example where the fingerprint was registered without a screen protector and placing a case on the phone allowed a different finger to unlock it.It’s not an air gap that is fooling the sensor.
Just as some (most) clear cases have a texture to prevent the phone from having that wet bubble look, the “screen protector” in question has the same thing. The fingerprint sensor is reading that texture as the fingerprint during registration, not the users’ actual fingerprint. So, with the texture being read anyone can unlock the phone, as that pattern is what was actually registered.
How do you explain that?
It’s not an air gap that is fooling the sensor.kind of makes you wonder how exactly an air gap can fool the sensor. doesn’t the sensor need to read certain values to check against the saved fingerprint to see if they match?
Just as some (most) clear cases have a texture to prevent the phone from having that wet bubble look, the “screen protector” in question has the same thing. The fingerprint sensor is reading that texture as the fingerprint during registration, not the users’ actual fingerprint. So, with the texture being read anyone can unlock the phone, as that pattern is what was actually registered.
And don't forget Google with their faceID without eye focus. Good thing Apple never does things like that and then drags their feet fixing them (if only I could get my MacBook keyboard keys to all work...).An embarrassing mess up that should never have happened... amateur your for Samsung.