Samsung Galaxy S10 Fingerprint Reader Duped by Silicone Case

Lisa and Wes Neilson, a couple in the UK, found that the fingerprint scanner on the Galaxy S10 could be tricked into giving any person access to the device, regardless of the registered biometric data. When the phone was purchased for Lisa Neilson, she put a cheap silicone case on it and noticed that the phone could then be unlocked by any fingerprint, even though hers was the only one registered in the settings. Her husband and sister decided to try it with their phones as well and had the same results.

Samsung implemented a new fingerprint reading technique that uses ultrasound readers embedded under the display; the S10 and S10+ were the first phones to use this method. Because most after-market screen protectors sold by third parties attach to the screen glass with a thin film of adhesive, some of them reduce the accuracy with which the ultrasonic sensor identifies authorized fingerprints. To compensate for this deficiency, some third-party screen protector manufacturers have switched to using an adhesive gel. According to some reports, the gel may be responsible for causing the ultrasonic fingerprint sensor to register any fingerprint as a match to the authorized fingerprint.

Samsung was alerted by the couple. A member of the Samsung customer support team connected to the phone remotely and stated that it looked like a security breach. An internal investigation has been launched to better understand why this issue is occurring.

Analyst Notes

Since many banking apps use biometric authentication, this could pose a serious financial risk if the device is stolen and accessed by an unauthorized party. Customers are advised to exclusively use Samsung-approved accessories for Samsung phones.