Samsung came under fire yesterday after it was revealed that the under-the-display fingerprint reader used in its Galaxy S10 family of smartphones isn't as secure as previously thought. In fact, it was found that anyone could potentially unlock a Galaxy S10 smartphone using an unregistered fingerprint.
Now, Samsung has posted an official response to the uproar that followed the initial reporting on this major Galaxy S10 fingerprint security issue. The company tried to explain what's happening, writing, "This issue involved ultrasonic fingerprint sensors unlocking devices after recognizing 3-dimensional patterns appearing on certain silicone screen protecting cases as users’ fingerprints."
In other words, the imprint of rightful owner's fingerprint on the Galaxy S10 is seemingly captured by the screen protector. So, when someone else puts one of their digits over the sensor area, it is reading that original fingerprint.
In the case of Lisa and Wes Neilson which we reported on yesterday, Wes was able to unlock his wife's Galaxy S10 with either of his thumbs even though the smartphone was only registered to access Lisa's right thumb. "This means that if anyone got hold of my phone, they can access it and within moments could be into the financial apps and be transferring funds," explained Lisa. "It's a real concern."
So, what is Samsung's short-term solution to this security gaffe? Samsung recommends that you remove the screen protector, delete all fingerprints that have been registered on the device, and then register new fingerprints.
Samsung's long-term solution is to release a software patch next week that will hopefully resolve this embarrassing security goof.