Samsung Galaxy S10 Fingerprint Reader Defeated by Silicon Case

A couple in the UK experienced a weird bug on their Samsung Galaxy S10 that allows bypassing the fingerprint reader to unlock the phone regardless of the biometric data registered in the device.

Endeavors in the past tricked biometric protection in phones from multiple brands. Hackers were able to recreate a fingerprint from high-resolution photos and transfer them onto a thin film.

Lisa and Wes Neilson's experience, though, is different and does not involve any technology, just a cheap silicon case.

One record for any finger

Lisa got the phone as a gift from her husband and decided to put it in a protective case. She soon discovered that even if only her own fingerprint was registered in the biometric settings of the device, the phone unlocked no matter what finger was used for the process.

Apparently, the same results were obtained with her husband and her sister said ;both, users whose fingerprint information had never been registered on the phone.

The culprit seems to be the the silicon case, which somehow confuses Samsung Galaxy S10's fingerprint reader and allows any fingerprint to unlock the device.

This conclusion came after Lisa tested the case on her sister's Samsung and the same result was obtained, according to The Sun.

Both Galaxy S10 and S10+ create a 3D map of the fingerprint using ultrasounds, with the reader being embedded under the display. These devices were the first phones to use this technology for fingerprint scanning.

The protective screen problem

Reports about screen protectors not being suitable for Samsung's reader came early on but they referred to tempered glass screen protectors because they leave a small air gap that interferes with the scanning. Samsung-certified products are recommended for this.

Plastic or silicone cases can also cause problems as they can make reading the full fingerprint more difficult. In this case, recommendations include pressing harder on the sensor for better reading.

Also worrying is the fact that many banking apps adopted biometric authentication, so bypassing the fingerprint reader on a phone also allows executing financial operations.

The couple let Samsung know about the issue and someone from customer support told them, after connecting remotely to the phone, that it looked like a security breach.

In a statement for the UK publication, a company spokeswoman said that there is an internal investigation into this and recommended customers to use Samsung authorized accessories designed for Samsung products.

It is worth noting that this piece of advice does not apply when you lose your phone or it gets stolen. If a silicone case can indeed confuse the fingerprint reader, crooks can easily slip one and get access to the phone.

Main Article: https://www.bleepingcomputer.com/news/security/samsung-galaxy-s10-fingerprint-reader-defeated-by-silicon-case/