Galaxy S10 Hacked By 3D-Printed Fingerprint
Duping the Samsung Galaxy S10's fingerprint reader is a simple hack that can be achieved in just three minutes, a researcher says.
Samsung's Galaxy S10 virtual fingerprint sensor might have a security problem.
A person who goes by the name "darkshark" on Imgur has published a short video showcasing how the Galaxy S10's fingerprint sensor can be duped by a 3D-printed fingerprint.
According to the user, he started with a fingerprint on a wine glass. He took a picture of it from his phone and processed it in Photoshop to remove the outside areas and leave only the fingerprint. He then input that fingerprint into 3DS Max to create a 3D model he printed with his 3D printer.
Now armed with a 3D-printed fingerprint, he simply placed it over the virtual sensor on the Galaxy S10's screen and got into the handset with no trouble. The video he published to Imgur shows the hack in action. And he even wears gloves in the video to make clear that the fingerprint sensor isn't picking up his actual fingerprint.
MORE: Galaxy S10 vs. Galaxy S10 Plus vs. Galaxy S10e - What Should You Get?
The sensor on the Galaxy S10 uses ultrasonic technology to identify a person's fingerprint, compare it to the fingerprint on file, and provide access when there's a match.
Darkshark's hack effectively dupes that system and calls into question just how safe and reliable fingerprint sensors actually are.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
In a comment on his post, Darkshark said that he needed to make three fingerprint reprints to get the ridges on the fingerprint right. Once he got that right, he found that the 3D fingerprint can unlock his phone just as well as his actual fingerprint in most cases.
"This brings up a lot of ethics questions and concerns," he said. "There's nothing stopping me from stealing your fingerprints without you ever knowing, then printing gloves with your fingerprints built into them and going and committing a crime."
He said that now that he's figured out the printing process, he could steal someone's fingerprint and get it printed and ready to use within three minutes.
Fingerprint sensors are often a first line of defense for a variety of applications and services. If your fingerprint can be so easily duplicated and used maliciously, it's possible hackers could easily steal data and other information by only snapping a photo of your fingerprint on a wine glass.
This isn't the first time the Galaxy S10's security was duped. In March, it was discovered that the smartphones' face-scanning camera can be fooled by a photo of the person assigned to it, or even with a face that's remotely similar (such as that of a sibling). The photo trick worked in our testing, but only with Fast Facial Recognition on.
Until Samsung comes up with an official fix for these Galaxy S10 security loopholes, you can turn off features such as fingerprint unlock and Fast Facial Recognition if you want to keep your phone extra safe.
Don Reisinger is CEO and founder of D2 Tech Agency. A communications strategist, consultant, and copywriter, Don has also written for many leading technology and business publications including CNET, Fortune Magazine, The New York Times, Forbes, Computerworld, Digital Trends, TechCrunch and Slashgear. He has also written for Tom's Guide for many years, contributing hundreds of articles on everything from phones to games to streaming and smart home.