Samsung unveiled its long-awaited ultrasonic fingerprint sensor technology with the launch of its Galaxy S10 series, but the biometric security doesn’t seem to be as reliable as previously thought. Similar to Apple’s FaceID, Samsung’s in-display scanner has been bested with a little bit of know-how and a 3D printer.
Imgur user darkshark took it upon himself to put the feature to the test, with The Verge displaying his process step-by-step. First, he snapped a picture of his fingerprint on a wine glass using a smartphone and imported it into a software called 3DS Max. From there, the fingerprint was constructed into a three-dimensional version and produced using a 3D printer. Slipping on a pair of gloves to control the test further, his third attempt resulted in the ability to repeatedly unlock the Galaxy S10+.
While the process sounds a little finicky to the unsuspecting reader, darkshark notes that the printer itself cost around the $400 mark, and given the size of the fingerprint used, there are even cheaper ones that could potentially suffice. “I can do this entire process in less than 3 minutes and remotely start the 3d print so that it’s done by the time I get to it,” he writes.
The most concerning portion of this is how easy it is to snap a picture of a fingerprint as smartphone camera technologies continue to improve, and the reliance on fingerprint scanning as a means of authentication within banking applications. “I could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone,” explains the user.
None of this is new information to many of our readers, as biometric security has long been criticised for its reliability alone. It is often recommended to pair it with a traditional password in order to reap most of the benefits; however Samsung’s marketing would have you believe otherwise by saying that there are “no tradeoffs” with ultrasonic fingerprint ID and users don’t have to “sacrifice user experience for security.”
Samsung has yet to acknowledge darkshark’s findings, or respond for comment.
KitGuru Says: Perhaps some might consider it the peak of paranoia and something you’d sooner see in a Bond movie than real life, but it’s worth keeping in mind given that most con artists tend to premeditate their crimes and choose targets carefully. In the meantime, users are recommended to couple biometric security and/or place a password as a second, third or even fourth layer of protection.