Samsung Issues Software Patch to Fix Screen Protector Flaw in Galaxy S10 Fingerprint Sensor

Samsung has issued a software patch for its Galaxy S10 smartphone to fix a flaw in the under-screen fingerprint sensor that allowed anyone to unlock the device with the help of a cheap screen protector (via Reuters).


The problem was brought to light last week, when a British user who applied a gel screen protector to her Galaxy S10 subsequently discovered that unregistered fingerprints could be used to unlock the device.

Samsung later admitted the issue can happen when patterns appearing on certain protectors that come with silicon cases are recognized along with fingerprints.

On Wednesday, Samsung issued an apology via its customer support app Samsung Members and told Galaxy phone owners to update their biometric authentication to the latest software version.
"Samsung Electronics takes the security of products very seriously and will make sure to strengthen security through continuing improvement and updates to enhance biometric authentication functions," the company said via the support app.
The Galaxy S10 is the latest in Samsung's flagship S series, which is updated each year and regarded as the iPhone's main rival, but the fingerprint recognition problem in its latest smartphone has already caused reputational damage, with some banks pulling their apps from the Play store in response to the security flaw.


Samsung originally aimed to bring an under-display fingerprint sensor to its smartphone line-up in 2018, but canceled the feature at the last minute due to similar technical issues surrounding the use of screen protectors.

In March, the Korean company launched the S10 with much fanfare and promoted its first commercial under-screen fingerprint recognition solution as "revolutionary" at the time.

Top Rated Comments

(View all)
Avatar
7 weeks ago
If I were an S10 user, I’d still be leery. It’d make some sense if a screen protector prevented the phone from recognizing a valid fingerprint, but to make it accept any fingerprint? That suggests a pretty lax system. It’s as if the software is saying, ah heck, I can’t read this fingerprint at all! Come on in!

Yes, they’ve issued a patch and maybe this really does fix things. But to get something so critical so wrong makes me skeptical. Press releases aside, that doesn’t demonstrate they take security very seriously.

We’ll see what third party testing demonstrates, but for now, I’d be cautious
Rating: 14 Votes
Avatar
7 weeks ago
Can you imagine if an iPhone had this flaw? People here would be demanding Tim’s head on a platter, news sites would be reporting non-stop on the “biggest security flaw in the past decade”, and there would be droves of people vowing to boycott Apple until Steve was resurrected from the dead.
Rating: 10 Votes
Avatar
7 weeks ago


Can you imagine if an iPhone had this flaw? People here would be demanding Tim’s head on a platter, news sites would be reporting non-stop on the “biggest security flaw in the past decade”, and there would be droves of people vowing to boycott Apple until Steve was resurrected from the dead.

You forget two things:
1: Class Action
2: Letters to Apple demanding an explanation from some random Senators/Congress Person/Oversight committee who have no idea about technology but want to make a splash in the news.
Rating: 9 Votes
Avatar
7 weeks ago


It’s not an air gap that is fooling the sensor.

Just as some (most) clear cases have a texture to prevent the phone from having that wet bubble look, the “screen protector” in question has the same thing. The fingerprint sensor is reading that texture as the fingerprint during registration, not the users’ actual fingerprint. So, with the texture being read anyone can unlock the phone, as that pattern is what was actually registered.

Your missing the example where the fingerprint was registered without a screen protector and placing a case on the phone allowed a different finger to unlock it.

How do you explain that?
Rating: 8 Votes
Avatar
7 weeks ago


kind of makes you wonder how exactly an air gap can fool the sensor. doesn’t the sensor need to read certain values to check against the saved fingerprint to see if they match?

It’s not an air gap that is fooling the sensor.

Just as some (most) clear cases have a texture to prevent the phone from having that wet bubble look, the “screen protector” in question has the same thing. The fingerprint sensor is reading that texture as the fingerprint during registration, not the users’ actual fingerprint. So, with the texture being read anyone can unlock the phone, as that pattern is what was actually registered.
Rating: 8 Votes
Avatar
7 weeks ago


An embarrassing mess up that should never have happened... amateur your for Samsung.


And don't forget Google with their faceID without eye focus. Good thing Apple never does things like that and then drags their feet fixing them (if only I could get my MacBook keyboard keys to all work...).
Rating: 4 Votes
Avatar
7 weeks ago
Samsung got that patch out with Apple like speed.
Rating: 4 Votes
Avatar
7 weeks ago
Samsung's patch doesn't describe the issue correctly, so is this actually fixed? ('https://arstechnica.com/gadgets/2019/10/samsung-patches-fingerprint-vulnerability-in-the-galaxy-s10-note10/')

Ars Technica is casting doubt on whether this patch will fix the problem.
Rating: 3 Votes
Avatar
7 weeks ago
I mean at least they didnt go boom? ??
Rating: 3 Votes
Avatar
7 weeks ago
An embarrassing mess up that should never have happened... amateur your for Samsung.
Rating: 3 Votes
[ Read All Comments ]