Samsung’s Galaxy S10 fingerprint sensor fooled by 3D printed fingerprint

「In recent years, smartphone manufacturers have been implementing advanced features for users to secure their devices, using fingerprint readers, face mapping, and even sensors that map out the blood veins in the palm of your hand. But there are still ways to get around such measures, and one user found that he could fool the in-display fingerprint reader on his Samsung Galaxy S10 with a 3D print of his fingerprint.」

This just proves that using only biometrics for encryption is a bad idea, though in this case it's 'biometrics' including electronic measurements rather than an actual physical fingerprint. Not only are you not protected by the 4th amendment (or at all in other countries), you are also forced to give up what you physically have (your fingerprint). Stick to using a PIN or passphrase because it is protected by the 4th amendment. If you can use both at the same time then you'd be even more secure and still protected.

「In a post on Imgur, user darkshark outlined his project: he took a picture of his fingerprint on a wineglass, processed it in Photoshop, and made a model using 3ds Max that allowed him to extrude the lines in the picture into a 3D version. After a 13-minute print (and three attempts with some tweaks), he was able to print out a version of his fingerprint that fooled the phone’s sensor.」

So if you have the knowledge, software, and 3D printer, you have the capability to unlock encrypted Samsung phones. While the chances of someone actually doing this are exceedingly low, you cannot deny that the possibility is there.

「The Galaxy S10’s fingerprint sensor doesn’t rely on a capacitive fingerprint scanner that’s been used in other versions of the phone, using instead an ultrasonic sensor that’s apparently more difficult to spoof. darkshark points out that it didn’t take much to spoof his own fingerprint. A concern, he notes, is that payment and banking apps are increasingly using the authentication from a fingerprint sensor to unlock, and all he needed to get into his phone was a photograph, some software, and access to a 3D printer. “I can do this entire process in less than 3 minutes and remotely start the 3d print so that it’s done by the time I get to it,” he writes.」

If the payment and banking apps are relying only on a fingerprint sensor for authentication, then that is indeed worrying. There's no reason for payment and bank apps not to use PIN and/or OTP 2FA, since they are better options and more secure.