BleepingComputer reported that there is a gaping security hole that involves the Samsung Galaxy S10 fingerprint sensor. It was a totally random event that resulted in this discovery, where one would be able to bypass the ultrasonic in-display fingerprint reader using a cheap silicone phone case that costs less than $4. .
Using said cheap wraparound case that covers the back and front of the Galaxy S10, the in-display ultrasonic sensor's performance did not live up to expectations when called upon. Basically, any fingerprint will do to unlock the device. In addition, fingerprint security can be used to unlock other apps or provide access to services such as banking apps and financial instruments.
Once word of this weakness in the Galaxy S10's in-display fingerprint reader got out, people have begun to test out this 'theory' using any cheap silicone case that they could find, arriving at shockingly similar results.
Samsung's customer service was caught on video claiming that this is a security breach. Samsung released an official statement on the matter, "We're investigating this internally. We recommend all customers to use Samsung authorised accessories, specifically designed for Samsung products." That is not saying much, as anyone who would like to access a Galaxy S10 or Galaxy Note10 would know which cheap hack to use in order to gain access to those devices.
While there is no perfect security system or hardware, Samsung's decision to ditch facial recognition security this time around has come back to bite them with this discovery. Before this security flaw was discovered, Samsung's in-display ultrasonic fingerprint sensor has been touted to be one of the most secure of its kind as it required a high level of technical knowledge to find a workaround. Who would have thought that a low-tech hack would work?
Earlier this year when the Samsung Galaxy S10 was released, it proved to be the bee's knees, delivering superb performance for a flagship device at a premium price point. There was very little to complain about the handset at all, but it seems that this particular discovery might see a free-fall in the price of second hand Galaxy S10 units or even those at retail. Who would have thought that a cheap silicone case would be the undoing of a supposedly sophisticated security feature?
In the meantime, you might want to delete your stored fingerprints on the Galaxy S10 and fall back onto old school and traditional security measures such as using a PIN number or draw a complex pattern. There are drawbacks to both of these options, but at least they are far more secure in comparison to having any fingerprint unlock your flagship Galaxy S10.
Do take note that the recently launched Galaxy Note10 and Galaxy Note10 Plus also comes with the same ultrasonic in-display fingerprint reader, rendering both flagship devices vulnerable to this cheap "hack". Hopefully, Samsung will be able to release a fix sooner rather than later, and even so, it remains to be seen whether a software update would be able to fix this flaw.
