A Reddit user claims to have fooled the ultrasonic fingerprint scanner on the Samsung Galaxy S10 using a 3D printed image.
Reddit user darkshark9 posted a video on imgur of what appears to be them pressing a small sheet of a 3D printed image against the phone’s fingerprint scanner and subsequently unlocking the device.
The researcher said he cracked the authentication on the device in just over 10 minutes using a picture of his fingerprint from a wine glass that was processed in Photoshop and then made into a model using 3ds Max to bring out the lines in the picture to make a 3D version.
The 3D scanner is considered more secure than fingerprint scanners on other versions of the phone because it uses an ultrasonic sensor that’s more difficult to spoof.
Ryan Wilk, vice president of customer success for NuData Security, said that while his research illustrates a way to get around physical biometrics, it would take a herculean effort to replicate this attack user by user and can’t be executed for mass scale impersonations.
“In any case, no security tool should be used as a standalone method for authorization. It takes a layered defense to provide a high degree of security so that if a bad actor gets around one layer of defense, there are more layers to detect an imposter and block any activity,” Wilk said.
“Physical biometrics mixed with passive biometrics and device intelligence use hundreds of identifiers and, together, build a strong profile of the user behind a device, ensuring it is the right human behind it at every step of the way.”
SC Media attempted to reach out to Samsung for comment but has yet to get a response from the device manufacturer.