Ultrasonic fingerprint scanner on Samsung Galaxy S10 can be tricked into unlocking the device

Ultrasonic fingerprint scanner on Samsung Galaxy S10 can be tricked into unlocking the device
The Samsung Galaxy S10 and Galaxy S10+ are both equipped with an ultrasonic in-display fingerprint scanner. Unlike the optical scanners that can be found on many Android devices, the ultrasonic readers use sound to map out a user's fingerprint in 3D. This is more accurate than matching up the 2D image used with optical biometric readers. Even so, one Samsung Galaxy S10 owner posted on Imgur the steps he used to create a 3D image of his own fingerprint. This was used to trick the fingerprint scanner on his phone into unlocking the device.

The Galaxy S10 owner, who goes by the handle darkshark on the image sharing site, said that with a stolen Galaxy S10 protected only by a fingerprint, he could get into the banking apps on the phone and wipe out the owner's bank accounts in only 15 minutes, which is the time it took him to print the 3D model of his fingerprint. That's something to think about.

Here is how the 3D prints were made. Using his phone, darkshark took a photograph of his fingerprint, which was found on the side of a wine glass. He pointed out that someone could use a DSLR camera and zoom in on the image of a fingerprint on a glass that is across a room, or even further away. The photo of the print was imported into Photoshop where the contrast was increased and an alpha mask created. He then exported that over to Autodesk's 3ds Max to create a raised 3D model of the print. The AnyCubic Photon LCD resin printer was then employed to produce a 3D image of the fingerprint, which fooled the scanner and unlocked the phone.


Some find that the old school fingerprint reader on the Galaxy S10e works better


This means that if someone has access to your phone and can get an imprint of your fingerprint from something as innocuous as a glass, you could have a problem. And while the ultrasonic fingerprint scanners are supposed to be more secure (and accurate) than the optical readers, it seems that they can be tricked too.

Some Galaxy S10 users have also complained that the ultrasonic fingerprint scanner was having trouble unlocking their phone. One Galaxy S10 owner said that the feature was working for him only 20% of the time, and he threatened to return his Galaxy S10 and replace it with the Galaxy S10e. That's because the lower priced model has a traditional capacitive fingerprint reader on the right side of the device. And as it turns out, many have said that it is more accurate and quicker than the in-display ultrasonic scanner found on the more expensive models.

FEATURED VIDEO

64 Comments

1. blingblingthing

Posts: 887; Member since: Oct 23, 2012

This isn't an issue. You can threaten someone's life and get their password or force them to use their face unlock to get into their phone. Also, wasn't this same method going to enable someone to unlock all those other fingerprint scanners?

71. sgodsell

Posts: 6835; Member since: Mar 16, 2013

First of all that article where that guy darkshark said he could get the finger print off the persons phone, and then print out a 3D model of the users finger print, is fake. Especially when a fingerprint only leaves a 2D image behind. Samsungs ultrasonic 3D sensor maps more than the basic finger print. It maps the inner parts of a users finger print ridges as well. So darkshark is a liar. Go to Qualcomm themselves and check out how their scanner works. Also you can wear surgical gloves or thin plastic gloves, and the ultrasonic sensor still works.

2. ReticentHamster

Posts: 153; Member since: Jan 19, 2015

This seems... convoluted and complex. I mean, sure you can make a 3D print of someone's print and use it to unlock their phone. But this would require not only stealing the phone, but then having the equipment and software know-how to actually create the fingerprint copy. All unlock methods have a way to bypass it or trick it someway. This guy simply figured out the equation for passing the Ultrasonic reader. Nothing to panic about, and if you're really worried, just secure your banking and other accounts with a password instead of the fingerprint data. You don't HAVE to use the scanner.

7. Dr.Phil

Posts: 2291; Member since: Feb 14, 2011

I will just say that the kids growing up now are learning technology at an even more rapid pace than you or I. So it’s only a matter of time before something that seems “convoluted” becomes like second nature for them. And imagine if you could develop an app that were to make this work even faster? You don’t think there aren’t people out there that would be working on how to do exactly that? And while you may be right that nobody “has” to use the fingerprint scanner, that doesn’t mean that it’s not the preferred method for 95% of people. This is something that should alarm us all, no matter what brand of smartphone you own.

72. sgodsell

Posts: 6835; Member since: Mar 16, 2013

That guy darkshark is a liar. How can you make a 3D image of a users finger print by using the users finger print that is left on a smartphone? Think about it, the ultrasonic sonic sensor on the S10 is using Qualcomms technology, and it scans a 3D image, including the inner ridges of the users finger. So you cannot get that information from someones finger print that was left behind. This is fake. Also you can wear those thin surgical gloves, or those thin plastic gloves that they use to handle meat and fish, or food in general, and the S10 can still scan your finger print.

14. dimas

Posts: 3286; Member since: Jul 22, 2014

"but then having the equipment and software know-how to actually create the fingerprint copy." You do know that those things you mentioned are easy to buy these days, yes? When I was young, I learned the whole yahoo messenger thing in just 15 minutes. If a person will focus on printing stolen fingerprints, he will definitely do it and will be easy for him. Do not underestimate the human brain.

22. chris2k5

Posts: 236; Member since: Nov 17, 2012

You know most college campuses now have 3D printers at the library to do this for free right?

3. Zylam

Posts: 1807; Member since: Oct 20, 2010

It's ok, its Samsung, we ignore, downplay and use hypocrisy to solve the issues here.

21. chris2k5

Posts: 236; Member since: Nov 17, 2012

True. If FBI told Samsung to unlock someone’s phone they would probably do it without hesitation.

23. maherk

Posts: 6702; Member since: Feb 10, 2012

How ironic that this is coming from the same guy that does literally the exact same thing when it's Apple.

47. Vancetastic

Posts: 805; Member since: May 17, 2017

Apparently, around here, it’s okay to be a deluded Apple fanboy, but the same is not true for Samsung. Gotta love double standards!

50. maherk

Posts: 6702; Member since: Feb 10, 2012

That's the crazy part, is that fanboys on this website are the ones calling other people fanboys lol The past 10 days, I was called a Samsung fanboy by bunch of Apple and Huawei fanboys, and twice a Huawei fanboy by a Samsung fanboy. But yeah, fanboys on the Apple camp are the worst at it, they have zero issues with them trolling under Android articles, but gets furious when it's the other way around.

52. oldskool50

Posts: 711; Member since: Mar 29, 2019

It's been this way since the 70's bruh. The problem with Apple fans is simple. They pay more so they think their crap is better, when factually it NEVER has been. Anything bad, even when it just something true; like for example; considering the iPhone is just as big or bigger than the galaxy s, the battery is still considerably larger, which leads to less usage time. They will swear the iPhone last longer and people are just haters. when facts show the galaxy batteries have always been bigger and since the S7 have also last longer too. Best thing to do is, never respond to those fools and just talk tech with people who are here because they love tech. Fanboys like you said are all classically hypocritical. But Apple fanboys are for sure the worse.

62. Zylam

Posts: 1807; Member since: Oct 20, 2010

Oh yeah, and when exactly did I discount Apple from screw ups? Link me to a comment where I've done such. Calling out hate makes you a fanboy eh? I don't even use iOS anymore, got a smashed 6S , (that still works) on my shelf as a make shift weather checker but I use a Redmi Note 5 and 3 Android tablets (Mi Pad 3, 4 and Alldocube X) as my mains. The real irony is how you discount the ridiculous apple hate that clearly comes from the Samsung trolls who think they superior to people they haven't ever met. I personally hate iOS limitations but Android and Samsung have their screw ups too. Honestly it's just sad at how degraded the Android fanbase is, I feel ashamed to share being a fan of Android with such toxic people.

4. Krjal

Posts: 415; Member since: Dec 19, 2013

This is more complex than the capacitive and optical fingerprint sensor foils so I wouldn't be particularly worried.

15. dimas

Posts: 3286; Member since: Jul 22, 2014

That's what people said when credit card magnetic stripes were introduced. Years later, cards got hacked everywhere around the world and anti-magnet hacking wallets were sold.

53. oldskool50

Posts: 711; Member since: Mar 29, 2019

And yet billions of people use Credit Cards everyday with no issue. Just because a security measure can be hacked, doesn't mean you have to worry. PA is seemingly just trying to play on the fact they and others hate Samsung, so anything that makes Samsung look bad, they try to blow all out. Funny, the article they did, which showed face ID, and Apple's FPS being tricked into unlocking on the iPhone 6, 7 and 8 and X respectively, was painted as a thing you don't have to worry about. You know, because only 1:1,000,000 chance Face ID will unlock with some else face. yet there are well over 50 videos on YT proving that it was nothign more than a marketing lie.

5. cmdacos

Posts: 3870; Member since: Nov 01, 2016

We get it. There isn't a secure biometric or facial recognition system yet available that can't be hacked. If people care about security they use a password exclusively. 99% of people will choose convenience everytime.

6. kanagadeepan

Posts: 1219; Member since: Jan 24, 2012

Thats why Banks have to use OTP (One time password, which is generated by server, sent as SMS and will work for just 2 minutes after sending) along with password/fps combo..

33. iloveapps

Posts: 521; Member since: Mar 21, 2019

Didn’t someone sued Apple because of two factor authentication

8. uchihakurtz

Posts: 427; Member since: Nov 12, 2012

Too complicated, rather just cut off the finger of the owner

20. chris2k5

Posts: 236; Member since: Nov 17, 2012

Take pic of fingerprint 30 seconds Import to Photoshop and increase contrast 1 minute Print on 3D printer 10 minutes Wipe out bank accounts 5-15 mins

25. cmdacos

Posts: 3870; Member since: Nov 01, 2016

If it was this easy, people who commit real crimes would be framing people all over the world with this 'simple' process.

9. Whitedot

Posts: 719; Member since: Sep 26, 2017

Somone just finished watching all "Mission Impossible" films.

10. Leo_MC

Posts: 6616; Member since: Dec 02, 2011

Remember when the dumb asses were saying that touch id is safer than face id?

19. maherk

Posts: 6702; Member since: Feb 10, 2012

Except for the fact that you don't need a 3d printer or complex tools to trick face id, you only need a mother, sibling, or a friend who looks similar to you, similar, not even identical. And I can't wait for the day Apple brings back touch id, it will be fun watching hardcore fanboys like yourself celebrate the return of touch id.

34. iloveapps

Posts: 521; Member since: Mar 21, 2019

And FBI, NSA or other data mining agency doesn’t bother at all at unlocking android phones. Where there news or senate bill that need to pass in order to backdoor android phones?

44. Vokilam

Posts: 1087; Member since: Mar 15, 2018

Maherk, That’s not true (just because there was 1 or 2 instances out of millions doesn’t mean it’s that easy. I had my iPhone X for almost two years - and no one has been able to unlock it - not my dad, not my siblings, not friends - no one.

48. maherk

Posts: 6702; Member since: Feb 10, 2012

I'm not arguing that, I'm just saying that none of the biometric methods are completely hack proof. My wife had the X and XS and there were no issues with them as well, but that doesn't mean there were cases where face id was fooled. Same with the S10's fps, or any other fingerprint scanner, including touch id, they were all hacked at some point, but it's not as easy or as common to hack as people in this thread are trying to claim. If you're worried about security that much, you're better off using pin numbers or pattern lock.

54. oldskool50

Posts: 711; Member since: Mar 29, 2019

Because it is. Why are you blind to that fact. here is what you are missing. face ID - Someone who looks like you can simply look at your phone and unlock it. At least with FPS, you need a complex drawn out process, which most won't be able to duplicate. far harder than just finding someone who looks like you, which depending on what country you are from; isn't hard at all. No matter what you claim, here is the facts. Without having a very good duplicate of your fingerprint, and having the money and time to even get it to work; its a non-issue. Face ID doesn't need anything complicated. all you need is a similar face,. NO ONE on this planet will have your fingerprint, without having yoru phone where they could MAYBE lift a print. With face ID, you don't need fancy hardware bruh. I saw someone post how you will seemingly and deliberate sidestep facts to support things that simply are true. What makes Fingerprints difficult is first, they are very hard to lift even with the proper equipment. Next, you have 10 fingers and you have zero idea which one was actually used. And because you use several fingers on the screen, each print covers another which prevents a pure clean life. Its different when you have the phone, you clean the screen and you make one print on it to lift. it. Come on man its obvious fingers are far less easy to duplicate. If you can't admit that, why are you even here? There are lots of videos on YT showing Face ID being fooled by friends and family who look liekthe original owner. Funny how the galaxy face unlock, and the Infrared face Unlock on the Surface all failed when someone who looked, even identical twins; looked at the cameras. yet face ID unlocked on those. Sorry bruh, you just wrong!

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.