Someone just unlocked a Samsung Galaxy S10 with a 3D-printed fingerprint
Biometric authentication is extremely convenient, which is why we love it so much. Why remember a complex password when you could just glance at your phone or swipe a finger to make a payment, right?
Unfortunately, while biometric authentication is indeed convenient, we must keep reminding ourselves that it is also not foolproof. For the end user, i.e. you and I, all we know is that we swipe our finger or glance at our phones, magic happens, and the phone is unlocked.
How many of us are aware that most phones use 2D face unlock, where the phone is effectively taking a photo of our face and can thus be fooled by a photo? How many are aware that most in-display fingerprint scanners (including the one on the OnePlus 6T), uses an optical scanner that could also be fooled by a photo of your fingerprint?
Better yet, no system is perfectly secure. Unless you have a twin, Apple’s Face ID has so far proven to be the hardest to crack, but given enough cash and a bit of time, even that system has been fooled.
Only recently it was reported that Samsung’s latest and greatest phone, the Galaxy S10, can be fooled by a photograph. Now, yet another report reveals that the in-display fingerprint scanner can be fooled by a 3D-printed fingerprint.
Most fingerprint scanners use capacitive sensors. These sense the contact patch your finger makes when it’s on the sensor. It’s a bit like a 2D image but far more secure. An optical scanner just takes a photo.
The S10 uses a more secure sensor involving an ultrasonic sensor. This type of sensor uses sound waves to determine the shape of your fingerprint in 3D, making it yet more secure.
However, as proven by imgur user darkshark, even this can be fooled by something as simple as a 3D-printed fingerprint.
He basically took a photo of his fingerprint on a wine glass, edited in 3DS Max — 3D modelling software — and printed a fingerprint using a 3D printer. The process only took him a few minutes and some tweaking.
As reported by The Verge, darkshark said that all he needed to get into his phone was “a photograph, some software, and access to a 3D printer.”
To be fair to Samsung, this isn’t exactly a knock against the S10. Most manufacturers use mechanisms that are far less secure, and it’s not like everyone has access to the tools and resources needed to 3D print a fingerprint.
If anything, this is just a reminder that we can’t just blindly rely on technology to keep our data safe.
Tech2 is now on WhatsApp. For all the buzz on the latest tech and science, sign up for our WhatsApp services. Just go to Tech2.com/Whatsapp and hit the Subscribe button.