Android Security

Samsung Says Anyone's Thumbprint Can Unlock $900 Galaxy S10 Smartphone (bbc.com) 40

A flaw that means any fingerprint can unlock a Galaxy S10 phone has been acknowledged by Samsung. From a report: It promised a software patch that would fix the problem. The issue was spotted by a British woman whose husband was able to unlock her phone with his thumbprint just by adding a cheap screen protector. When the S10 was launched, in March, Samsung described the fingerprint authentication system as "revolutionary." The scanner sends ultrasounds to detect 3D ridges of fingerprints in order to recognize users. Samsung said it was "aware of the case of S10's malfunctioning fingerprint recognition and will soon issue a software patch."
  • by Chrisq ( 894406 ) on Thursday October 17, 2019 @09:52AM (#59318568)
    I reckon it will just refuse to unlock if you have a screen protector
    • by PCM2 ( 4486 )

      Issues with screen protectors have dogged the S10 from the beginning. Shortly before it shipped, Samsung announced that it would come with a built-in screen protector, because most current protector designs would interfere with the fingerprint scanner.

      This built-in protector is basically a cheap piece of plastic, though. It's not much better than the stuff that comes on the shiny bits of your phone that you peel off during unboxing. It, too, seemed to interfere with the fingerprint reader for some people. F

    • You are overthinking it. Just take off the cheap screen protector.

      • by Merk42 ( 1906718 )
        Except, you know, this means the security of anyone with an S10 using the fingerprint for login is compromised. A malicious user could supply their own screen protector.
        • by Dan East ( 318230 ) on Thursday October 17, 2019 @01:12PM (#59319438) Journal

          That wouldn't allow the malicious user to immediately unlock the phone though. The problem happens when the screen protector is in place when the phone learns a new fingerprint. Essentially instead of learning the fingerprint, it is "learning" the screen protector. Thus any object placed against the reader will unlock the phone as long as the screen protector is still in place.

          So in your scenario, an attacker would apply a screen protector. Then the owner will try to unlock the device with their fingerprint and it will fail, and they will fall back on using the PIN. If they eventually go to the trouble of reprogramming their fingerprint then the attacker will be able to unlock the phone (assuming the screen protector is still in place).

          • No, anyone's random screen protector can unlock any of these phones.

            https://twitter.com/Sta_Light_... [twitter.com]

            too video; didn't watch:

            A user registers a new thumb print with no protective cover, and confirms that it unlocks the phone, but his other finger doesn't. Then he picks up a screen protector and lays it across the screen, and unlocks it with a finger that was previously rejected.

            Basically, the phones have no protection at all to random pieces of thin, clear plastic.

  • Very revolutionary security! The illusion of security is all you need!

    • Very revolutionary security! The illusion of security is all you need!

      This is truth, just ask the TSA how it works.

  • The problem is (Score:5, Informative)

    by NathanWoodruff ( 966362 ) on Thursday October 17, 2019 @10:22AM (#59318686) Journal
    From the article:

    She registered her thumb print after putting on the screen protector. The software that read the thumb print didn't read her thumb print; it read the screen protector. Pressing any item to the thumb reader, the software will still read the screen protector.
    • Re:The problem is (Score:4, Informative)

      by BrainJunkie ( 6219718 ) on Thursday October 17, 2019 @10:28AM (#59318716)
      You're protecting it wrong.
    • From the article:

      She registered her thumb print after putting on the screen protector. The software that read the thumb print didn't read her thumb print; it read the screen protector. Pressing any item to the thumb reader, the software will still read the screen protector.

      So, it seems that Screen Protectors are just the bane of Samsung's existence at this point (see, e.g. Galaxy Fold "screen protector" issue).

      • On the other hand, I'd love to remove that screen protector, if it wasn't that those phones are almost exclusively made of glass, up to the very edge meaning that the glass will shatter as soon as the phone falls on a hard surface.

        So basically they should stop selling phones that are that fragile and focus on sturdiness instead, then they'll be more legitimate complaining about screen protection.

        • On the other hand, I'd love to remove that screen protector, if it wasn't that those phones are almost exclusively made of glass, up to the very edge meaning that the glass will shatter as soon as the phone falls on a hard surface.

          Preach it, brother!

          Seriously, who was the fucking idiot that said "Let's make our phones out of glass!"

          Glass is the very last material I'd ever pick to make a phone out of, coming in slightly behind damp cardboard.

          • by PCM2 ( 4486 )

            I love the feel of it, especially without the crappy built-in screen protector. It does feel weird to be able to shatter the back of your phone, though.

            • I love the feel of it, especially without the crappy built-in screen protector. It does feel weird to be able to shatter the back of your phone, though.

              Well then, enjoy the feel of shattering the back of your phone.

              I would take metal or plastic over glass any day for the body or casing of my phone. Who wants to be afraid of dropping their phone? Not me; I'm human and fallible and I drop my phone occasionally. When I do, I don't want to automatically rack up a several hundred dollar repair fee.

            • Sure I like it too and it looks good. I loved that idea for a month... until it shattered. Now I think this was a heck of a stupid idea and I'll put it in the "cons" when buying my next phone.

    • From the article:

      She registered her thumb print after putting on the screen protector. The software that read the thumb print didn't read her thumb print; it read the screen protector. Pressing any item to the thumb reader, the software will still read the screen protector.

      So, a foldable phablet that you have to treat like a Fabergé Egg, and a "Revolutionary" phone you can't even put a screen protector on?

      Spectacular R&D and Marketing there, Samsung!

    • You get what you ask the AI to do, not what you wanted it to do

    • For further clarity, this phone has an in-screen fingerprint sensor. It doesn't have a dedicated fingerprint sensor, so the screen protector maker can't leave a cutout for where you place your finger.
  • Pathetic!
  • Is there any in-screen fingerprint reader that can work around the issue of what to do if there's a screen protector overlaid on the screen?

    What will the patch do - basically just refuse to train on a fingerprint if it detects a featureless (or at least non-fingerprint like) flat surface?

    There are enough people that use screen protectors it would seem to completely kill the idea of a general release of a phone that has one in-screen.

    • It was always a bad idea to put it under the screen, because everyone needs a screen protector.

      It only makes sense at the bottom of the screen where it can double as another button (on Moto it makes the bar appear when in immersive mode, so you don't have to swipe) or on the back where you can hit it with one finger of the hand you're holding the phone with.

      Putting it under the screen was attractive because it would attract idiots, because OOH SHINY, but it doesn't make any technical sense.

      • It was always a bad idea to put it under the screen, because everyone needs a screen protector.

        Do they? I've never used a screen protector and never scratched my screen. It's probably not a bad idea to have a screen protector if you're rough on your phones, but the average person probably doesn't need one.

        • 90% of people drop their phone once a month [allaboutwindowsphone.com]. Except for you goddamned supermen, people need screen protectors.

          • I'm certainly guilty of dropping my phone (probably more than once a month) but I've never had a screen protector. I just have a basic case [apple.com] like this and it does fine. Maybe if the phone fell face first onto rocks or something then a screen protector might help but I can't say I've ever had that happen...though perhaps that's a common occurrence.
            • I've been lucky and never broke a screen by dropping my phone, but I have scratched a couple. I've always disliked plastic screen protectors, so I skipped them on some occasions, and regretted it. On my current phone I went with a glass screen protector from the very beginning. They are cheap now, so there's no good reason not to use one.

      • Fingerprint readers are fucking dumb in general. Putting them under the screen is doubly so.
        But no, you don't need a screen protector. I don't use a screen protector on any glass screen device. Plastic displays? Of course I do. Glass? Fuck no.

    • by kiviQr ( 3443687 )
      yes, one that comes preinstalled with the device
    • I imagine the patch will include a less strict detection system for screen protectors, which when flagged, probably enables the algorithm to account for the vibrations traveling through a plastic medium before / after the scan.

  • It's called the Galaxy S10e. [digitaltrends.com]
     
    It fixes all the problems in the other versions of S10. It has the fingerprint reader on the physical power button. It doesn't have the bullshit curved screen. It's just all-around better in every way.

  • I would prefer a security update to a software update, thank you very much.

  • "A flaw that means any fingerprint can unlock a Galaxy S10 phone has been acknowledged by Samsung."

    what. the. fuck.

    In other news, Schlage and Kwikset both acknowledged their new line of high-security locks can be opened with "any key".

  • This is just a bad idea that Samsung engineering became pot-committed to: https://patents.google.com/pat... [google.com]

    The readout is likely more affected by how hard the user typically presses and the thickness and consistency of flesh between skin and bone than anything to do with the actual fingerprint. These are not very unique parameters and even if they come out with some sort of software fix for their broken solution it will be found to not be all that distinguishing now that people are going to test the he

  • Anyone's random screen protector can unlock any of these phones.

    https://twitter.com/Sta_Light_... [twitter.com]

    too video; didn't watch:

    A user registers a new thumb print with no protective cover, and confirms that it unlocks the phone, but his other finger doesn't. Then he picks up a screen protector and lays it across the screen, and unlocks it with a finger that was previously rejected.

    Basically, the phones have no protection at all to random pieces of thin, clear plastic.
