One of the hallmark features of Samsung’s new Galaxy S10, Galaxy S10+and Galaxy S10 5Gsmartphones are their use of in-display ultrasonic fingerprint readers. These newfangled sensors replace the tried and true optical fingerprint sensors that have been positioned on the backs of Samsung flagships for the past few generations.
While Samsung touts the ease-of-use and security of this newest biometric authentication system, one person was able to defeat the system with an admittedly relatively laborious workaround. A researcher who goes by darkshark9 was able to trick the Galaxy S10’s ultrasonic fingerprint sensor with a well thought out facsimile.
Before we go further, we should explain that ultrasonic sensor can create a virtual 3D image of your fingerprint using high-frequency sound waves. This allows the sensor to capture incredibly minute details and ridges in your fingertips rather than the 2D image captured by a traditional sensor. In practice, it should offer a more secure more method of authentication for a device.
Darkshark9 first took a picture of a fingerprint that he left behind on the side of a wine glass. He then opened the image in Photoshop, increased the contrast and created an alpha mask. From there, he ported the file over to 3ds Max where he was able to use geometry displacement to create a stunningly accurate, raised 3D model of his captured fingerprint.
He next used an AnyCubic Photon LCD resin printer to make a useable “fingerprint” to fool the Galaxy S10’s reader (the printer is accurate to within 10 microns). If you follow the source link, you can also watch a quick video showing the smartphone being unlocked with the 3D printout.
We shouldn’t be too surprised to see a workaround for Samsung’s ultrasonic fingerprint sensor. Optical sensors have been fooled in the past by researchers (and everyday people), and even Apple’s Face ID biometric system isn’t completely foolproof.
In everyday practice, while we doubt that someone would go through such trouble just to gain access to your smartphone (unless you’re some high-profile target), just think of the fingerprint reader as more of a convenience feature than a vault-like security system for your personal data.