중앙데일리

Galaxy S10 has huge security flaw

A cheap silicone case will bypass that fancy fingerprint scanner

Oct 18,2019
A screen capture from Samsung Electronics’ official website shows the Galaxy S10’s fingerprint scanner. [SCREEN CAPTURE]
Samsung Electronics has started an investigation into its Galaxy Note10 and Galaxy S10 smartphones after reports that the phones’ fingerprint scanners can be completely bypassed with a cheap phone case.

According to local online communities for tech fans and foreign media outlets Wednesday, the fingerprint lock on the Galaxy S10 is rendered useless by a silicone case sold on eBay for around $3. As the Galaxy Note10 uses the same ultrasonic in-display sensor as the S10, the phone is expected to be similarly vulnerable.

The case in question is a wraparound product that covers both the back and front of the phone. With the case on, the fingerprint reader can seemingly be unlocked by literally any thumb. The bigger problem is that this isn’t a one-off incident - the case has been tested on multiple phones - and users can choose to use the fingerprint sensor as the additional security measure for a whole host of apps, including banking apps.

Due to growing concerns about the security risks, internet-only bank Kakao Bank issued a notice to its users on Thursday recommending that users deactivate the fingerprint scanner security option.

“The phone manufacturer is currently looking into finding the cause of the problem,” Kakao Bank said in the notice. “We recommend users of the listed Samsung phones use pattern or password-based user verification methods rather than fingerprint recognition until the problem is solved.”

This security issue was first raised by British newspaper The Sun after an affected user reported the issue on Oct. 13. It provided video footage of how a user called Lisa Neilson discovered that her phone could be unlocked by anybody after she put on a gel cover from eBay.

A Korean user also posted on a local online tech forum on Sept. 10, saying that they had discovered a way for anybody to unlock their phone and were wondering how to report it to Samsung.

On Wednesday, Samsung Electronics told the JoongAng Ilbo that the company is “running internal investigations” and that it recommends users use Samsung-authorized accessories.

On Thursday, the electronics giant said in a statement that it “will be deploying a software patch soon” to solve the problem, without detailing a timeline.

Unlike Samsung, Apple uses facial recognition technology on its latest phones.

BY KIM JEE-HEE, KIM YOUNG-MIN [kim.jeehee@joongang.co.kr]


dictionary dictionary | 프린트 메일로보내기 내블로그에 저장