Ultrasonic fingerprint scanner on Samsung Galaxy S10 can be tricked into unlocking the device

Ultrasonic fingerprint scanner on Samsung Galaxy S10 can be tricked into unlocking the device
The Samsung Galaxy S10 and Galaxy S10+ are both equipped with an ultrasonic in-display fingerprint scanner. Unlike the optical scanners that can be found on many Android devices, the ultrasonic readers use sound to map out a user's fingerprint in 3D. This is more accurate than matching up the 2D image used with optical biometric readers. Even so, one Samsung Galaxy S10 owner posted on Imgur the steps he used to create a 3D image of his own fingerprint. This was used to trick the fingerprint scanner on his phone into unlocking the device.

The Galaxy S10 owner, who goes by the handle darkshark on the image sharing site, said that with a stolen Galaxy S10 protected only by a fingerprint, he could get into the banking apps on the phone and wipe out the owner's bank accounts in only 15 minutes, which is the time it took him to print the 3D model of his fingerprint. That's something to think about.

Here is how the 3D prints were made. Using his phone, darkshark took a photograph of his fingerprint, which was found on the side of a wine glass. He pointed out that someone could use a DSLR camera and zoom in on the image of a fingerprint on a glass that is across a room, or even further away. The photo of the print was imported into Photoshop where the contrast was increased and an alpha mask created. He then exported that over to Autodesk's 3ds Max to create a raised 3D model of the print. The AnyCubic Photon LCD resin printer was then employed to produce a 3D image of the fingerprint, which fooled the scanner and unlocked the phone.

Some find that the old school fingerprint reader on the Galaxy S10e works better

This means that if someone has access to your phone and can get an imprint of your fingerprint from something as innocuous as a glass, you could have a problem. And while the ultrasonic fingerprint scanners are supposed to be more secure (and accurate) than the optical readers, it seems that they can be tricked too.

Some Galaxy S10 users have also complained that the ultrasonic fingerprint scanner was having trouble unlocking their phone. One Galaxy S10 owner said that the feature was working for him only 20% of the time, and he threatened to return his Galaxy S10 and replace it with the Galaxy S10e. That's because the lower priced model has a traditional capacitive fingerprint reader on the right side of the device. And as it turns out, many have said that it is more accurate and quicker than the in-display ultrasonic scanner found on the more expensive models.



1. blingblingthing

Posts: 978; Member since: Oct 23, 2012

This isn't an issue. You can threaten someone's life and get their password or force them to use their face unlock to get into their phone. Also, wasn't this same method going to enable someone to unlock all those other fingerprint scanners?

71. sgodsell

Posts: 7456; Member since: Mar 16, 2013

First of all that article where that guy darkshark said he could get the finger print off the persons phone, and then print out a 3D model of the users finger print, is fake. Especially when a fingerprint only leaves a 2D image behind. Samsungs ultrasonic 3D sensor maps more than the basic finger print. It maps the inner parts of a users finger print ridges as well. So darkshark is a liar. Go to Qualcomm themselves and check out how their scanner works. Also you can wear surgical gloves or thin plastic gloves, and the ultrasonic sensor still works.

2. ReticentHamster

Posts: 156; Member since: Jan 19, 2015

This seems... convoluted and complex. I mean, sure you can make a 3D print of someone's print and use it to unlock their phone. But this would require not only stealing the phone, but then having the equipment and software know-how to actually create the fingerprint copy. All unlock methods have a way to bypass it or trick it someway. This guy simply figured out the equation for passing the Ultrasonic reader. Nothing to panic about, and if you're really worried, just secure your banking and other accounts with a password instead of the fingerprint data. You don't HAVE to use the scanner.

7. Dr.Phil

Posts: 2453; Member since: Feb 14, 2011

I will just say that the kids growing up now are learning technology at an even more rapid pace than you or I. So it’s only a matter of time before something that seems “convoluted” becomes like second nature for them. And imagine if you could develop an app that were to make this work even faster? You don’t think there aren’t people out there that would be working on how to do exactly that? And while you may be right that nobody “has” to use the fingerprint scanner, that doesn’t mean that it’s not the preferred method for 95% of people. This is something that should alarm us all, no matter what brand of smartphone you own.

72. sgodsell

Posts: 7456; Member since: Mar 16, 2013

That guy darkshark is a liar. How can you make a 3D image of a users finger print by using the users finger print that is left on a smartphone? Think about it, the ultrasonic sonic sensor on the S10 is using Qualcomms technology, and it scans a 3D image, including the inner ridges of the users finger. So you cannot get that information from someones finger print that was left behind. This is fake. Also you can wear those thin surgical gloves, or those thin plastic gloves that they use to handle meat and fish, or food in general, and the S10 can still scan your finger print.

14. dimas

Posts: 3383; Member since: Jul 22, 2014

"but then having the equipment and software know-how to actually create the fingerprint copy." You do know that those things you mentioned are easy to buy these days, yes? When I was young, I learned the whole yahoo messenger thing in just 15 minutes. If a person will focus on printing stolen fingerprints, he will definitely do it and will be easy for him. Do not underestimate the human brain.

22. chris2k5

Posts: 289; Member since: Nov 17, 2012

You know most college campuses now have 3D printers at the library to do this for free right?

3. Zylam

Posts: 1817; Member since: Oct 20, 2010

It's ok, its Samsung, we ignore, downplay and use hypocrisy to solve the issues here.

21. chris2k5

Posts: 289; Member since: Nov 17, 2012

True. If FBI told Samsung to unlock someone’s phone they would probably do it without hesitation.

23. maherk

Posts: 6966; Member since: Feb 10, 2012

How ironic that this is coming from the same guy that does literally the exact same thing when it's Apple.

47. Vancetastic

Posts: 1614; Member since: May 17, 2017

Apparently, around here, it’s okay to be a deluded Apple fanboy, but the same is not true for Samsung. Gotta love double standards!

50. maherk

Posts: 6966; Member since: Feb 10, 2012

That's the crazy part, is that fanboys on this website are the ones calling other people fanboys lol The past 10 days, I was called a Samsung fanboy by bunch of Apple and Huawei fanboys, and twice a Huawei fanboy by a Samsung fanboy. But yeah, fanboys on the Apple camp are the worst at it, they have zero issues with them trolling under Android articles, but gets furious when it's the other way around.

52. oldskool50 unregistered

It's been this way since the 70's bruh. The problem with Apple fans is simple. They pay more so they think their crap is better, when factually it NEVER has been. Anything bad, even when it just something true; like for example; considering the iPhone is just as big or bigger than the galaxy s, the battery is still considerably larger, which leads to less usage time. They will swear the iPhone last longer and people are just haters. when facts show the galaxy batteries have always been bigger and since the S7 have also last longer too. Best thing to do is, never respond to those fools and just talk tech with people who are here because they love tech. Fanboys like you said are all classically hypocritical. But Apple fanboys are for sure the worse.

62. Zylam

Posts: 1817; Member since: Oct 20, 2010

Oh yeah, and when exactly did I discount Apple from screw ups? Link me to a comment where I've done such. Calling out hate makes you a fanboy eh? I don't even use iOS anymore, got a smashed 6S , (that still works) on my shelf as a make shift weather checker but I use a Redmi Note 5 and 3 Android tablets (Mi Pad 3, 4 and Alldocube X) as my mains. The real irony is how you discount the ridiculous apple hate that clearly comes from the Samsung trolls who think they superior to people they haven't ever met. I personally hate iOS limitations but Android and Samsung have their screw ups too. Honestly it's just sad at how degraded the Android fanbase is, I feel ashamed to share being a fan of Android with such toxic people.

4. Krjal

Posts: 431; Member since: Dec 19, 2013

This is more complex than the capacitive and optical fingerprint sensor foils so I wouldn't be particularly worried.

15. dimas

Posts: 3383; Member since: Jul 22, 2014

That's what people said when credit card magnetic stripes were introduced. Years later, cards got hacked everywhere around the world and anti-magnet hacking wallets were sold.

53. oldskool50 unregistered

And yet billions of people use Credit Cards everyday with no issue. Just because a security measure can be hacked, doesn't mean you have to worry. PA is seemingly just trying to play on the fact they and others hate Samsung, so anything that makes Samsung look bad, they try to blow all out. Funny, the article they did, which showed face ID, and Apple's FPS being tricked into unlocking on the iPhone 6, 7 and 8 and X respectively, was painted as a thing you don't have to worry about. You know, because only 1:1,000,000 chance Face ID will unlock with some else face. yet there are well over 50 videos on YT proving that it was nothign more than a marketing lie.

5. cmdacos

Posts: 4269; Member since: Nov 01, 2016

We get it. There isn't a secure biometric or facial recognition system yet available that can't be hacked. If people care about security they use a password exclusively. 99% of people will choose convenience everytime.

6. kanagadeepan

Posts: 1271; Member since: Jan 24, 2012

Thats why Banks have to use OTP (One time password, which is generated by server, sent as SMS and will work for just 2 minutes after sending) along with password/fps combo..

33. iloveapps

Posts: 867; Member since: Mar 21, 2019

Didn’t someone sued Apple because of two factor authentication

8. uchihakurtz

Posts: 428; Member since: Nov 12, 2012

Too complicated, rather just cut off the finger of the owner

20. chris2k5

Posts: 289; Member since: Nov 17, 2012

Take pic of fingerprint 30 seconds Import to Photoshop and increase contrast 1 minute Print on 3D printer 10 minutes Wipe out bank accounts 5-15 mins

25. cmdacos

Posts: 4269; Member since: Nov 01, 2016

If it was this easy, people who commit real crimes would be framing people all over the world with this 'simple' process.

9. Whitedot

Posts: 833; Member since: Sep 26, 2017

Somone just finished watching all "Mission Impossible" films.

11. SaRPeR

Posts: 148; Member since: Mar 02, 2017

It is easier to kidnap the phone's owner and threaten the owner to unlock the phone while pointing a gun at his head. And you can do that with every phone. So every phone is not secure?

16. dimas

Posts: 3383; Member since: Jul 22, 2014

Just remember this standard rule: No technology is fool-proof. Some where, some time, that 'advanced' technology you are holding right now will go thru reverse-engineering, cracked and hacked, so on and so forth.

12. pogba

Posts: 112; Member since: Jun 13, 2018

with the right resources, skills and determination, no biometric system is actually safe.

13. drunkenjay

Posts: 1697; Member since: Feb 11, 2013

my fingerprint sensor works fine 10/10 now actually.

17. dmakun

Posts: 382; Member since: Jun 06, 2011

The iris scanning is still the way to go. Even though its sometimes a hit or miss, it remains the most secure of all these "security" options. Face unlock & fingerprint are good but they don't match the iris unlock system.

37. dylanlee982

Posts: 9; Member since: Feb 28, 2019

you can use a picture of someones face and it unlock with iris scanner i know because my galaxy s8 will so no its not more secure

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.