A 3D-printed fingerprint has managed to fool the Samsung Galaxy S10's under-display ultrasonic fingerprint reader.
This highlights the potential risks users face if they use only fingerprint security on their smartphones and certain software, such as banking apps.
Galaxy S10's Fingerprint Reader Tricked
The Imgur user darkshark posted their findings online, demonstrating that a 3D-printed copy of their fingerprint unlocked the Galaxy S10.
What they did is they took a picture of their fingerprint on a wineglass, put it in Adobe Photoshop and created an alpha mask, and exported it to 3ds Max to turn it into a 3D model. Afterward, all that was left was to print it.
Unlike the typical fingerprint sensors of late, the Galaxy S10 doesn't use capacitive biometric readers. As mentioned earlier, it uses ultrasonic technology, which technically should make it harder to fool. Despite that, darkshark managed to bypass it, though, and as the user notes, they "can do this entire process in less than 3 minutes."
Security Risks Of Relying Only On Fingerprints
The post outlines the dangers of using fingerprint as the sole security measure on a phone.
Specifically, the user only needed to snap a photo of a fingerprint, process it in a few image applications, and create a replica using a 3D printer. Usual banking apps nowadays are starting to use fingerprints as a form of authentication to gain access to them, making them particularly vulnerable to this method.
"There's nothing stopping me from stealing your fingerprints without you ever knowing, then printing gloves with your fingerprints built into them and going and committing a crime," they write.
In the past, many other users have bypassed typical mobile security measures, including face unlocks. Case in point, the Galaxy S8's facial recognition tech was tricked by a photo before, and the iPhone X and its Face ID tech was fooled by a $150 mask too. In the Galaxy S10's case, even Samsung itself advised against using face unlock for security purposes.