There are security vulnerabilities in the Samsung Galaxy S10 ultrasonic biometric fingerprint scanner, and hackers can use the 3D printed fingerprint of the mobile phone user to pass the verification.

The Samsung S10 and S10+ use ultrasonic fingerprinting technology, which is safer than traditional fingerprint scanning technology. Samsung has claimed that even if someone has a 3D image of the user’s fingerprint, the ultrasonic fingerprinting technology will not let them invade the user’s mobile phone. But now researchers have proven that 3D printed fingerprints can be.

Researcher Darkshark first used his mobile phone to take pictures of his fingerprints left on the glass and used Photoshop to process the photos, leaving only fingerprints in the photos. He then imported the image into 3DS Max software to create a 3D model and then printed the fingerprint on a piece of resin using the AnyCubic Photon LCD printer. Finally, he successfully unlocked the phone with this 3D fingerprint.

This vulnerability poses many security issues. Since most banking applications only require fingerprint authentication, if only the fingerprint is used to protect the phone, all the information may be stolen, and the money in the bank card can be less than 15 minutes.

Samsung has said that when fingerprinting mobile phones, there is a machine learning algorithm to help detect the difference between real fingerprints and fake 3D replicas, but the method of Researcher Darkshark experiment does not seem to match Samsung’s statement.  Although this method can crack the fingerprint identification technology, the actual operation is still more troublesome, generally, users do not have to worry too much.

Via: pcmag