Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Android Printer Security

Samsung's Galaxy S10 Fingerprint Sensor Fooled By 3D Printer (theverge.com) 42

Posted by BeauHD from the April-fools dept.
A Samsung Galaxy S10 user has managed to fool the in-display fingerprint reader on his smartphone using a 3D print of his fingerprint. The Verge reports: In a post on Imgur, user darkshark outlined his project: he took a picture of his fingerprint on a wineglass, processed it in Photoshop, and made a model using 3ds Max that allowed him to extrude the lines in the picture into a 3D version. After a 13-minute print (and three attempts with some tweaks), he was able to print out a version of his fingerprint that fooled the phone's sensor.

The Galaxy S10's fingerprint sensor doesn't rely on a capacitive fingerprint scanner that's been used in other versions of the phone, using instead an ultrasonic sensor that's apparently more difficult to spoof. darkshark points out that it didn't take much to spoof his own fingerprint. A concern, he notes, is that payment and banking apps are increasingly using the authentication from a fingerprint sensor to unlock, and all he needed to get into his phone was a photograph, some software, and access to a 3D printer. "I can do this entire process in less than 3 minutes and remotely start the 3d print so that it's done by the time I get to it," he writes.
This discussion has been archived. No new comments can be posted.

Samsung's Galaxy S10 Fingerprint Sensor Fooled By 3D Printer More

Samsung's Galaxy S10 Fingerprint Sensor Fooled By 3D Printer

Comments Filter:
  • this guy unlocked an S10 with the video of himself on another phone
    https://www.youtube.com/watch?... [youtube.com]

  • And yet, I am unmoved. It doesn't matter (Score:4, Insightful)

    by mschuyler ( 197441 ) on Monday April 08, 2019 @06:22PM (#58406934) Homepage Journal

    Any key and lock can be broken. All any lock does is keep most of the people out most of the time. It's a first level of security that is perfectly adequate for most people. It's not like my Samsung contains nuclear launch codes. In fact, it contains nothing at all very useful, even to me. I'm not too concerned that someone with a 3D printer will take the trouble to find my fingerprint (1 in 10 chance there, buddy) and do the necessary transformations to be able to unlock my phone for no good reason. That's a whole lot of work for nothing gained.

    • So you are unimportant and nobody cares about you. And you do not care about your privacy.

      Seems like I summed that up well.

    • Re: (Score:3, Insightful)

      by XArtur0 ( 5079833 )

      >Any key and lock can be broken.
      That's why, as broken as it is, passwords are still king.

      You can create a secure Password, you cant create a (more) secure fingerprint.
      You can optimize the detection mechanism, but that's about it.

      Retinal scan still the best if you want a biometric authentication method.
      Face and finger print are a joke.
      (and retinal scan is only better because you don't leave your retinal pattern on every surface you see, but still vulnerable to high-resolution photography).

      The problem with

  • In other words... (Score:5, Insightful)

    by Livius ( 318358 ) on Monday April 08, 2019 @06:41PM (#58406998)

    He fooled a fingerprint reader using... an exact reproduction of his fingerprint. On the fourth try.

    That seems incredibly unsurprising.

    • When I'm someday a reclusive billionaire, someone will do this by extracting my fingerprints from doorknobs with tape. It's just a matter of time and lottery tickets.

      • When I'm someday a reclusive billionaire, someone will do this by extracting my fingerprints from doorknobs with tape

        Or they will find a way to steal fingerprint info from a database. With more applications using fingerprints, it is unavoidable that your fingerprint info will be stored in multiple locations, and it is a single breach away from ending up in the wild. For eternity.

    • and in organic chemistry most of us have fooled with polymer making that could duplicate our fingertip from a clay impression in 1/6 the time as a 3D printer

      3D printing plastic, the most expensive and time consuming way to make something out of plastic....

    • The ultrasonic sensor was claimed to be immune to this kind of spoof. Supposedly they could tell if the print had layers to it (the way human skin does and a 3D print does not). The news here is that the sensor does not do what Samsung claims.

    • and all he needed to get into his phone was a photograph, some software, and access to a 3D printer

      So basically nothing! He's more powerful than the mythic techniques of McGuyver!

  • Amputation (Score:3)

    by kenai_alpenglow ( 2709587 ) on Monday April 08, 2019 @08:58PM (#58407536)
    So, since it doesn't care if the finger is live or dead unlike the newer fingerprint readers, wouldn't it be quicker & easier to just cut off the owner's finger like we used to?

  • Too bad it wasn't using biometrics like old so-called "fingerprint" scanners do. They say "fingerprint" but what they really meant was "biometrics" including electrical measurements, not the actual, physical fingerprint.

    Using the measurements, like oxygen saturation (which the phones have been doing for over a decade) in addition to the fingerprint were the right idea then.

    • Once someone has a 3D model of your finger, I wouldn't count on oxygen saturation or impedance to save your ass. I'm sure that clever hackers can figure out a way to fool those too.

  • ...if you hack the login autentication method, the device self-destroys.
  • Welcome to "spy tricks you see in movies all the time." Who could have imagined this possible?!

    /s

  • You can fool any phone's fingerprint sensor with a simple rip of a fingerprint. So what would be so special about this one?
    This isn't anything special, except the media needing some nice story which seems sensational, even though it isn't.
    So nothing to see we already didn't know.. And I'm pretty sure it didn't take him 3 minutes to do it.

    • Re: (Score:2)

      by tlhIngan ( 30335 )

      You can fool any phone's fingerprint sensor with a simple rip of a fingerprint. So what would be so special about this one?
      This isn't anything special, except the media needing some nice story which seems sensational, even though it isn't.
      So nothing to see we already didn't know.. And I'm pretty sure it didn't take him 3 minutes to do it.

      Easy, because this phone has the sensor underneath the screen. So instead of most Android phones having the sensor on the back of the phone, you can place your thumb on the

    • Comment removed based on user account deletion
      • No, but you can do it with a simple tape with the copy of the fingerprint attached to your finger...

Slashdot Top Deals

Whoever dies with the most toys wins.

Close