Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samsung's Galaxy S10 Fingerprint Sensor Fooled By 3D Printer (theverge.com)

Posted by BeauHD on from the April-fools dept.

A Samsung Galaxy S10 user has managed to fool the in-display fingerprint reader on his smartphone using a 3D print of his fingerprint. The Verge reports: In a post on Imgur, user darkshark outlined his project: he took a picture of his fingerprint on a wineglass, processed it in Photoshop, and made a model using 3ds Max that allowed him to extrude the lines in the picture into a 3D version. After a 13-minute print (and three attempts with some tweaks), he was able to print out a version of his fingerprint that fooled the phone's sensor.

The Galaxy S10's fingerprint sensor doesn't rely on a capacitive fingerprint scanner that's been used in other versions of the phone, using instead an ultrasonic sensor that's apparently more difficult to spoof. darkshark points out that it didn't take much to spoof his own fingerprint. A concern, he notes, is that payment and banking apps are increasingly using the authentication from a fingerprint sensor to unlock, and all he needed to get into his phone was a photograph, some software, and access to a 3D printer. "I can do this entire process in less than 3 minutes and remotely start the 3d print so that it's done by the time I get to it," he writes.

8 of 42 comments (clear)

  1. And yet, I am unmoved. It doesn't matter by mschuyler · · Score: 3, Insightful

    Any key and lock can be broken. All any lock does is keep most of the people out most of the time. It's a first level of security that is perfectly adequate for most people. It's not like my Samsung contains nuclear launch codes. In fact, it contains nothing at all very useful, even to me. I'm not too concerned that someone with a 3D printer will take the trouble to find my fingerprint (1 in 10 chance there, buddy) and do the necessary transformations to be able to unlock my phone for no good reason. That's a whole lot of work for nothing gained.

    --
    How about a moderation of -1 pedantic.
    1. Re:And yet, I am unmoved. It doesn't matter by XArtur0 · · Score: 3, Insightful

      >Any key and lock can be broken.
      That's why, as broken as it is, passwords are still king.

      You can create a secure Password, you cant create a (more) secure fingerprint.
      You can optimize the detection mechanism, but that's about it.

      Retinal scan still the best if you want a biometric authentication method.
      Face and finger print are a joke.
      (and retinal scan is only better because you don't leave your retinal pattern on every surface you see, but still vulnerable to high-resolution photography).

      The problem with passwords is that you never know what the backend is doing with the plain-text version.
      (And stupid people who use stupid passwords)

    2. Re:And yet, I am unmoved. It doesn't matter by religionofpeas · · Score: 3, Insightful

      You can create a secure Password, you cant create a (more) secure fingerprint.

      Also, if your password is compromised, you can pick a new one.

      And, most critically, you can pick a different password for each application.

  2. In other words... by Livius · · Score: 4, Insightful

    He fooled a fingerprint reader using... an exact reproduction of his fingerprint. On the fourth try.

    That seems incredibly unsurprising.

    1. Re:In other words... by iggymanz · · Score: 2

      and in organic chemistry most of us have fooled with polymer making that could duplicate our fingertip from a clay impression in 1/6 the time as a 3D printer

      3D printing plastic, the most expensive and time consuming way to make something out of plastic....

  3. Amputation by kenai_alpenglow · · Score: 2

    So, since it doesn't care if the finger is live or dead unlike the newer fingerprint readers, wouldn't it be quicker & easier to just cut off the owner's finger like we used to?

  4. Too bad it was using biometrics like old scanners by kriston · · Score: 2

    Too bad it wasn't using biometrics like old so-called "fingerprint" scanners do. They say "fingerprint" but what they really meant was "biometrics" including electrical measurements, not the actual, physical fingerprint.

    Using the measurements, like oxygen saturation (which the phones have been doing for over a decade) in addition to the fingerprint were the right idea then.

    --

    Kriston

  5. Re:In other words... AntMan! by religionofpeas · · Score: 2

    When I'm someday a reclusive billionaire, someone will do this by extracting my fingerprints from doorknobs with tape

    Or they will find a way to steal fingerprint info from a database. With more applications using fingerprints, it is unavoidable that your fingerprint info will be stored in multiple locations, and it is a single breach away from ending up in the wild. For eternity.