The fingerprint security feature of Samsung Galaxy S10 and S10+ has been hacked using only a 3D printer and printed fingerprint of the owner. The hack can be carried out without the presence of the actual owner since a printed copy of the fingerprints is used.
When evaluated by security researchers it was confirmed that fooling the Samsung device although is difficult since it only responds to the actual owner’s fingerprint if the hacker can create a full copy of the owner’s fingerprint then it might unlock the device repeatedly.
This means, a hacker can easily access the contents of a stolen Samsung mobile phone because 3D printing can easily replicate the fingerprints because the device always contains the owner’s fingerprint impressions. Once the device is unlocked a hacker can get access to the data stored in the device.
Security researcher using the ID darkshark posted on Imgur that a smartphone’s fingerprint sensor cannot be fully trusted specifically Samsung Galaxy S10 since he could unlock his smartphone without touching the fingerprint sensor physically.
The revelation comes at a time when Samsung has just announced that the S10 model will be equipped with a secure blockchain wallet where the users can store their crypto wallet’s private keys. The news that the device’s biometric security system isn’t reliable and can be exploited with just a copy of the fingerprint makes the new mobile’s security mechanism questionable.
As per the report from CoinDesk Korea, the Blockchain wallet from Samsung is only compatible with Ethereum and Ethereum-based ERC20 tokens at the moment while in the future the company plans to offer compatibility with other crypto options including Bitcoin.
Darkshark demonstrated in a 20-second long video that the built-in ultrasonic fingerprint sensor in Samsung’s newest device is easy to deceive, and it only takes about 13 minutes to create the print of an original fingerprint. All that a hacker needs to do is to use Photoshop to modify the image and create its 3D model after which it can be printed.
The video is titled “I attempted to fool the new Samsung Galaxy S10’s ultrasonic fingerprint scanner by using 3d printing. I succeeded.” Darkshark also showed how he could unlock his Samsung Galaxy S10 wearing gloves, which was to ensure that the sensor couldn’t detect the fingerprint.
He took a photograph of his fingerprint on a wine glass for which he used a DSLR camera and Photoshopped the captured image to create its alpha mask. Then he created a geometry displacement of the image using 3ds Max and used an AnyCubic Photon LCD resin printer with 10 microns accuracy to produce a 3D printed copy of his fingerprint.
This copy was so accurate that it contained the tiniest details like the ridges. After two failed attempts, darkshark was able to unlock the device using that image. Samsung will be addressing this issue in the near future and meanwhile, users should unlock the device using PINs and passwords.