3D-printed fingerprint able to fool the Galaxy S10's sensor

[midian182]

In brief: Smartphones are becoming increasingly advanced, with more resources being poured into improving their security features. But after a Galaxy S10 owner showed he could access his handset using a 3D-printed fingerprint, it appears some devices aren’t as safe as manufacturers would have you believe.

An Imgur post by user Darkshark explained how he was able to complete this feat. The initial step involved taking a photo of his fingerprint on the side of a wineglass using his smartphone. He then tinkered with the image on Photoshop and exported it over to 3ds Max, where he created a 3D model showing all the print’s fine details.

The final image was exported into some 3D-printing software and the physical model printed out in just 13 minutes. Darkshark admits that it took three attempts to get the ridge heights correct, but he finally created something that tricked the Galaxy S10’s ultrasonic sensor, which Samsung says is more secure than capacitive scanners.

I attempted to fool the new Samsung Galaxy S10's ultrasonic fingerprint scanner by using 3d printing. I succeeded.

Darkshark points out that being able to spoof fingerprints is especially worrying when many banking apps require only fingerprint authorization. “If I steal someone’s phone, their fingerprints are already on it,” he said. “I can do this entire process in less than 3 minutes and remotely start the 3d print so that it’s done by the time I get to it. Most banking apps only require fingerprint authentication so I could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone.”

This isn’t the first time we’ve seen such methods used to fool supposedly secure authentication systems. Apple’s Face ID has been tricked by 3D-printed masks, while an older version of Windows Hello could be bypassed using a photo. And back in 2016, Michigan police used a 3D model of a murder victim’s fingers to unlock their smartphone.

Permalink to story.

https://www.techspot.com/news/79553-3d-printed-fingerprint-able-fool-galaxy-s10-sensor.html

 

[QuantumPhysics]

Regardless the spoofability, Touch ID was still more secure and more efficient than Face ID. Face ID actually slows down your access of the phone because you must raise the phone to see your face before it unlocks.

Touch ID was so fast it could unlock as you were taking it out of your pocket.

The 6s' Touch Id was so fast they actually felt they had to slow it down in the 7 because people were unlocking before they could see their notifications.

Any security measure can be beaten, but I seriously doubt there are enough people out there with 3dPrinters to threaten Touch ID users. The first thing they'd need is access to the fingerprint. The second thing they'd need is access to the phone. Unless you come up against a persistent, targeted assault, I just don't see that as likely.

 

[Cycloid Torus]

Sounds like a defense trick at a murder trial. I guess the FBI will have to find some other way to link to a crime.

 

[OutlawCecil]

More non news. So I if I lost my phone, all the thief needs to do is map out my specific fingerprint and own a high-accuracy 3D printer and boom, he can unlock my phone? seriously? Unless I lost my phone and happened to leave my lopped off finger with it, who cares?!

 

[Uncle Al]

The simple facts are undisputed. The technology that brings advances can be used to overcome those very advances, thus the term "counterintelligence". There is nothing singularly that a person has that cannot be duplicated in some form or fashion. Even multiple entry points can eventually be defeated. It appears that the only way to slow it down (doubtful it will every stop) would be to enact laws and penalties so severe that people are more scared of being caught.

 

[kevbev89]

Kind of off topic, but the samsung s10's in-screen fingerprint sensor is pretty atrocious. I've updated my phone and took off the default screen protector, and the accuracy is still only like 70% (or less at times, depending on Sammy's mood).

 

[Lew Zealand]

More non news. So I if I lost my phone, all the thief needs to do is map out my specific fingerprint and own a high-accuracy 3D printer and boom, he can unlock my phone? seriously? Unless I lost my phone and happened to leave my lopped off finger with it, who cares?!

The took a photo of a fingerprint on a wine glass. Glass. Like the glass covering, say, a phone. Which will have the user's grubby fingerprints all over it.

They don't need a useless severed finger, all they need is the phone and a good 3D printer.

 

[Kibaruk]

More non news. So I if I lost my phone, all the thief needs to do is map out my specific fingerprint and own a high-accuracy 3D printer and boom, he can unlock my phone? seriously? Unless I lost my phone and happened to leave my lopped off finger with it, who cares?!

The took a photo of a fingerprint on a wine glass. Glass. Like the glass covering, say, a phone. Which will have the user's grubby fingerprints all over it.

They don't need a useless severed finger, all they need is the phone and a good 3D printer.

I mean if it's really a targeted attack there is no amount of layers of security that can actually prevent it from happening.

The took a photo of a fingerprint on a wine glass. Glass. Like the glass covering, say, a phone. Which will have the user's grubby fingerprints all over it.

How about using a rugged or rubbery (Mine is textured and not glossy) case and your middle finger to unlock it (Or other?), that way your index won't be picked by the screen and you are not really holding something glossy that will pick it anyway.

 

[LenovoX]

I gotta take care of my fingers... I don't wan'em to be scanned!!!