Ultrasonic fingerprint scanner on Samsung Galaxy S10 can be tricked into unlocking the device
The Samsung Galaxy S10 and Galaxy S10+ are both equipped with an ultrasonic in-display fingerprint scanner. Unlike the optical scanners that can be found on many Android devices, the ultrasonic readers use sound to map out a user's fingerprint in 3D. This is more accurate than matching up the 2D image used with optical biometric readers. Even so, one Samsung Galaxy S10 owner posted on Imgur the steps he used to create a 3D image of his own fingerprint. This was used to trick the fingerprint scanner on his phone into unlocking the device.
The Galaxy S10 owner, who goes by the handle darkshark on the image sharing site, said that with a stolen Galaxy S10 protected only by a fingerprint, he could get into the banking apps on the phone and wipe out the owner's bank accounts in only 15 minutes, which is the time it took him to print the 3D model of his fingerprint. That's something to think about.
Here is how the 3D prints were made. Using his phone, darkshark took a photograph of his fingerprint, which was found on the side of a wine glass. He pointed out that someone could use a DSLR camera and zoom in on the image of a fingerprint on a glass that is across a room, or even further away. The photo of the print was imported into Photoshop where the contrast was increased and an alpha mask created. He then exported that over to Autodesk's 3ds Max to create a raised 3D model of the print. The AnyCubic Photon LCD resin printer was then employed to produce a 3D image of the fingerprint, which fooled the scanner and unlocked the phone.
"It took me 3 reprints trying to get the right ridge height (and I forgot to mirror the fingerprint on the first one) but yeah, 3rd time was the charm. The 3D print will unlock my phone...in some cases just as well as my actual finger does. This brings up a lot of ethics questions and concerns. There's nothing stopping me from stealing your fingerprints without you ever knowing, then printing gloves with your fingerprints built into them and going and committing a crime. If I steal someone's phone, their fingerprints are already on it. I can do this entire process in less than 3 minutes and remotely start the 3d print so that it's done by the time I get to it. Most banking apps only require fingerprint authentication so I could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone."-darkshark
Some find that the old school fingerprint reader on the Galaxy S10e works better
This means that if someone has access to your phone and can get an imprint of your fingerprint from something as innocuous as a glass, you could have a problem. And while the ultrasonic fingerprint scanners are supposed to be more secure (and accurate) than the optical readers, it seems that they can be tricked too.
Some Galaxy S10 users have also complained that the ultrasonic fingerprint scanner was having trouble unlocking their phone. One Galaxy S10 owner said that the feature was working for him only 20% of the time, and he threatened to return his Galaxy S10 and replace it with the Galaxy S10e. That's because the lower priced model has a traditional capacitive fingerprint reader on the right side of the device. And as it turns out, many have said that it is more accurate and quicker than the in-display ultrasonic scanner found on the more expensive models.
Things that are NOT allowed: