FB pixel

Hack of Samsung Galaxy S10 ultrasonic fingerprint sensor suggests no liveness detection

 

The ultrasonic biometric fingerprint scanner on a Samsung Galaxy S10 has been hacked with a 3D-printed copy of the phone owner’s thumbprint taken from a photograph of a latent print on a wine glass, Forbes reports. A security researcher going by the handle darkshark on Imgur says the technique could be replicated to steal latent prints from a distance and break into a stolen smartphone, as well as biometrically-secured accounts.

The researcher used the photograph to create an alpha mask in Photoshop, and then rendered it into 3D using 3ds Max software. The fake print was printed with an AnyCubic Photon LCD resin printer with 10 micron-accuracy in 13 minutes, and with three attempts to set the correct ridge height, a fake was generated which consistently opens the flagship Samsung smartphone.

The ultrasonic sensor is supposed to detect liveness by sensing blood flow, which darkshark points out seems not to be the case, perhaps due to changes made when Samsung updated the software for the in-display sensor to deal with performance issues a few weeks ago. The face authentication system of the Samsung Galaxy S10 has also been criticized as too easy to hack after images from the web or of siblings were found to unlock the device.

“The whole biometric authentication movement at consumer level of electronics is never going to be very secure” Ian Thornton-Trump, head of cybersecurity at AmTrust Europe told Forbes. “I’m not a fan of facial recognition, voice recognition or fingerprint authentication but consumers are and that’s not a bad thing.”

The same researcher said in a Reddit thread that the ultrasonic scanner is probably safer than other sensor types, and noted that some optical sensors can be spoofed with a paper printout.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

UK school reprimanded by ICO for using facial recognition without DPIA

A school in Chelmsford, Essex, has been reprimanded by the Information Commissioner’s Office (ICO) for the unlawful implementation of facial…

 

Tech5 introduces flexible biometric template protection for its ABIS

Tech5 has developed biometric template protection technology that it says meets the criteria set out in the ISO/IEC 30136 standard….

 

Maza streamlines KYC with Regula biometric and document verification

Regula has integrated its document and biometric verification system into Maza Financial, a fintech company based in the United States,…

 

More ballparks to get biometric entry through MLB’s Go-Ahead Entry

Major League Baseball continues to grow its facial recognition entry program with biometrics from NEC. An article in Sports Business…

 

Inrupt enters growing digital wallet market with pitch from WWW inventor

Inrupt has launched a digital wallet, which comes with a notable endorsement from an internet pioneer. A press release says…

 

OIX calls on new UK government to accelerate digital ID rollout

The UK should work toward a digital wallet strategy, provide clarity on how ID will work across the public and…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events