Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samsung's Galaxy S10 Fingerprint Sensor Fooled By 3D Printer (theverge.com)

Posted by BeauHD on from the April-fools dept.

A Samsung Galaxy S10 user has managed to fool the in-display fingerprint reader on his smartphone using a 3D print of his fingerprint. The Verge reports: In a post on Imgur, user darkshark outlined his project: he took a picture of his fingerprint on a wineglass, processed it in Photoshop, and made a model using 3ds Max that allowed him to extrude the lines in the picture into a 3D version. After a 13-minute print (and three attempts with some tweaks), he was able to print out a version of his fingerprint that fooled the phone's sensor.

The Galaxy S10's fingerprint sensor doesn't rely on a capacitive fingerprint scanner that's been used in other versions of the phone, using instead an ultrasonic sensor that's apparently more difficult to spoof. darkshark points out that it didn't take much to spoof his own fingerprint. A concern, he notes, is that payment and banking apps are increasingly using the authentication from a fingerprint sensor to unlock, and all he needed to get into his phone was a photograph, some software, and access to a 3D printer. "I can do this entire process in less than 3 minutes and remotely start the 3d print so that it's done by the time I get to it," he writes.

4 of 42 comments (clear)

  1. And yet, I am unmoved. It doesn't matter by mschuyler · · Score: 3, Insightful

    Any key and lock can be broken. All any lock does is keep most of the people out most of the time. It's a first level of security that is perfectly adequate for most people. It's not like my Samsung contains nuclear launch codes. In fact, it contains nothing at all very useful, even to me. I'm not too concerned that someone with a 3D printer will take the trouble to find my fingerprint (1 in 10 chance there, buddy) and do the necessary transformations to be able to unlock my phone for no good reason. That's a whole lot of work for nothing gained.

    --
    How about a moderation of -1 pedantic.
    1. Re:And yet, I am unmoved. It doesn't matter by XArtur0 · · Score: 3, Insightful

      >Any key and lock can be broken.
      That's why, as broken as it is, passwords are still king.

      You can create a secure Password, you cant create a (more) secure fingerprint.
      You can optimize the detection mechanism, but that's about it.

      Retinal scan still the best if you want a biometric authentication method.
      Face and finger print are a joke.
      (and retinal scan is only better because you don't leave your retinal pattern on every surface you see, but still vulnerable to high-resolution photography).

      The problem with passwords is that you never know what the backend is doing with the plain-text version.
      (And stupid people who use stupid passwords)

    2. Re:And yet, I am unmoved. It doesn't matter by religionofpeas · · Score: 3, Insightful

      You can create a secure Password, you cant create a (more) secure fingerprint.

      Also, if your password is compromised, you can pick a new one.

      And, most critically, you can pick a different password for each application.

  2. In other words... by Livius · · Score: 4, Insightful

    He fooled a fingerprint reader using... an exact reproduction of his fingerprint. On the fourth try.

    That seems incredibly unsurprising.