Samsung Galaxy S10 and Note 10 hogged limelight last week after a major flaw with biometrics was discovered. The flaw allowed anyone to unlock your phone provided you have installed a screen protector. Both the devices offer an in-screen fingerprint reader.
Samsung has issued an update that fixes the flaw. The update is currently being rolled out to all the affected phones in Korea. Furthermore, Samsung is asking users to delete all the previous fingerprints after the update has been installed. Users are required to register their fingerprints with the screen protector removed.
If you’ve used a screen cover, such as silicone cover with a textured surface on the inside, the texture itself may be recognized as a fingerprint that can unlock your phone.
The flaw had forced banks to blacklist S10 and Note 10 devices from accessing their apps. Typically banking apps allow users to register their fingerprints and gain access to their accounts. In this case, the flaw will potentially pose a huge security risk by allowing anyone to access your bank account.
Our Take
We might think that smartphone biometrics are foolproof. However, the reality is that the fingerprint sensor and even face unlock can be spoofed. Researchers have demonstrated that fingerprint sensors can be spoofed by using a dental mold to create imprints.
Researchers recently spoofed Apple’s Face ID by using tape and glasses. However, spoofing biometrics is not easy and requires a lot of effort. Meanwhile, companies like Samsung should refrain from putting the blame on cheap screen protectors and should actively work towards detecting and fixing such flaws.