Thursday, March 28, 2024

Samsung Galaxy S10’s Fingerprint Scanner Hacked Using 3D Printed Fingerprint

A security flaw in Samsung’s Galaxy S10 ultrasonic biometric fingerprint scanner can be bypassed by just having the duped 3D Printed Fingerprint of the mobile owner.

The ultrasonic fingerprint scanner comes with S10 and S10+ models, it offers additional security and it captures a 3D image when the traditional security scanners capture only a 2D one.

Samsung claims this won’t let anyone compromise that smartphone ever they have a 3D map of your fingerprint. But now the researcher’s proven that fingerprint scanner can be fooled by using a 3D-printed fingerprint.

How Fingerprint Scanner Hacked

An Imgur user, go by name darkshark published a video explaining how he fooled he the Fingerprint Scanner to gain access to the phone.

He took a photograph of his fingerprint from the side of a wine glass with his smartphone. He then uses Photoshop to remove the areas and leave only the Fingerprint.

Then to create a 3D model of the fingerprint, he imported the image to 3DS Max software to create a 3D model and printed it on a piece of resin with the AnyCubic Photon LCD printer.

This resulted in a square piece of resin containing a 3D model of the fingerprint that successfully opened the Samsung’s Galaxy S10.

In order to execute the attack all you need is to have the physical access to phone and the fingerprint of the owner. The attack scenario poses a lot of security concerns, if someone steals the phone then they can unlock the device as the Fingerprints are already present.

“As most of the banking apps only require fingerprint authentication, all the information can be stolen and the money can be spent in less than 15 minutes if the phone is secured by fingerprint alone.” says darkshark.

Threat to viability of Samsung’s Fingerprint:

In a post about the Scanner, Samsung says that “With the new ultrasonic fingerprint ID technology, there are no tradeoffs!  but it also mentions that you don’t have to sacrifice user experience for security”.

To contrast, Samsung also claims in the same post that it uses “a machine learning algorithm to help detect the differences between real fingerprints and forged 3D replicas.”

But the method described by darkshark casts doubts on the viability of Samsung’s ultrasonic fingerprint scanner as a method of protecting the data.

Hopefully this will be addressed in future versions of these scanners or through software updates; for now, if your phone contains sensitive data, you should probably use a password instead.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Related Read

Android Security Update – Code Execution Flaw Let Hackers Control Your Android Device Remotely – Update Now

New Android Malware “BasBanke” Steal Financial Data Such as Credentials & Credit/Debit Card Numbers

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles