Update to fix in-display fingerprint biometrics vulnerability on Samsung Galaxy devices rolled out
Samsung has issued a software update to address critical security issues with the in-display biometric fingerprint recognition function of its Galaxy S10 and Note 10 smartphones, and apologized for the situation, according to a Reuters report on KFGO.
The Bank of China and Alipay have suspended fingerprint authentication for payments according to the report, though they may not reinstate the method. Computer Weekly reports that NatWest has blocked its mobile banking app from being downloaded by some Samsung users, and Nationwide has restricted some features in its app in response to the problem. South Korean online-only bank KakaoBank and an Israeli bank have also reportedly taken action to limit risk to their institution and customers.
“We are aware of reports in the news that suggest Samsung S10 devices with a screen protector can be unlocked with any fingerprint,” said a Nationwide spokesperson. “While we are confident in the security measure we have in place, we know some of our members have this device and may use TouchID to access their banking app. That is why we have placed warnings on the app alerting of the issue and suggesting they may want to consider turning TouchID off until a fix is in place from Samsung.”
The whole ordeal traces back to a UK Samsung customer who purchased a cheap screen protector for her Samsung device online, and then found it rendered all attempts to unlock the smartphone successful. The ultrasonic sensor has also been fooled by tech reviewers, according to Reuters. Samsung has instructed users to delete their fingerprint template and re-enroll their biometrics after updating their devices.
“Samsung Electronics takes the security of products very seriously and will make sure to strengthen security through continuing improvement and updates to enhance biometric authentication functions,” the company told customers through its Korean app, as it began rolling out the over-the-air (OTA) update.