In brief: Smartphones are becoming increasingly advanced, with more resources being poured into improving their security features. But after a Galaxy S10 owner showed he could access his handset using a 3D-printed fingerprint, it appears some devices aren’t as safe as manufacturers would have you believe.
An Imgur post by user Darkshark explained how he was able to complete this feat. The initial step involved taking a photo of his fingerprint on the side of a wineglass using his smartphone. He then tinkered with the image on Photoshop and exported it over to 3ds Max, where he created a 3D model showing all the print’s fine details.
The final image was exported into some 3D-printing software and the physical model printed out in just 13 minutes. Darkshark admits that it took three attempts to get the ridge heights correct, but he finally created something that tricked the Galaxy S10’s ultrasonic sensor, which Samsung says is more secure than capacitive scanners.
I attempted to fool the new Samsung Galaxy S10's ultrasonic fingerprint scanner by using 3d printing. I succeeded.
Darkshark points out that being able to spoof fingerprints is especially worrying when many banking apps require only fingerprint authorization. “If I steal someone’s phone, their fingerprints are already on it,” he said. “I can do this entire process in less than 3 minutes and remotely start the 3d print so that it’s done by the time I get to it. Most banking apps only require fingerprint authentication so I could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone.”
This isn’t the first time we’ve seen such methods used to fool supposedly secure authentication systems. Apple’s Face ID has been tricked by 3D-printed masks, while an older version of Windows Hello could be bypassed using a photo. And back in 2016, Michigan police used a 3D model of a murder victim’s fingers to unlock their smartphone.