Samsung Intelligent Fingerprint Scan Being Fool Again

Blake Nov 01, 2019
496

Earlier this month, according to The Sun reported that the Samsung Galaxy S10's in-display fingerprint sensor has a security flaw. Some silicone screen protectors may confuse the ultrasonic fingerprint sensor. If you currently use this kind of covers, please refrain from using it until your device has been updated with a new software patch, according to Samsung's official statement.


Earlier this month, according to The Sun reported that the Samsung Galaxy S10's in-display fingerprint sensor has a security flaw. Some silicone screen protectors may confuse the ultrasonic fingerprint sensor. If you currently use this kind of covers, please refrain from using it until your device has been updated with a new software patch, according to Samsung's official statement.

Statement from Samsung

What happened?


Samsung Intelligent Fingerprint Scan Being Fool Again

Photo by The Sun


Samsung Intelligent Fingerprint Scan Being Fool Again

Screenshot from twitter

A British user complained that her Galaxy S10's fingerprint recognition system got confused after a silicone screen protector was applied. Those fingerprints that have not been recorded can also unlock the phone. What's worse, they could also log into some private Bank APPs and perform operations. At least three banks operating in the UK have decided to temporarily suspend their mobile banking services for Samsung Galaxy S10 users. These are not the only financial institutions that took steps to protect their customers.


 A British user complained that her Galaxy S10's fingerprint recognition system got confused after a silicone screen protector was applied. Those fingerprints that have not been recorded can also unlock the phone. What's worse, they could also log into some private Bank APPs and perform operations. At least three banks operating in the UK have decided to temporarily suspend their mobile banking services for Samsung Galaxy S10 users. These are not the only financial institutions that took steps to protect their customers.

Photo by darkshark

However, this is not the first time that the S10 has had problems with fingerprints. Earlier this year, The Imgur blogger darkshark had successfully fooled the ultrasonic fingerprint sensor with the 3D print of his finger. He took photos of his fingerprints left on the surface of a wine glass and then used Photoshop to clean it up. He finally created a 3D model of his fingerprint patterns using 3DS Max.

The Fingerprint Recognition System Of Samsung

Now, let’s look inside the fingerprint recognition system of Samsung and find out the possible cause of the fingerprint issue mentioned above.
The Fingerprint Recognition System Of Samsung

Basic logic of fingerprint sensor

Software protection: feature point extraction algorithm

Currently, most fingerprint identification algorithm is realized by extracting and comparing key feature points, such as the overall structure of fingerprint, local bifurcation points, endpoints, breakpoints and so on. In this case, the ultrasonic fingerprint sensor of Samsung Galaxy S10 may come with a detection bug.


Software protection: feature point extraction algorithm

Detection method of biometric authentication

We suspect that the problem is probably related to the “threshold and learning mode setting” of the fingerprint learning algorithm. For the first case mentioned above, the system recorded the texture of silicone screen protector and the textured surface fooled the phone's biometric authentication system. Nowadays, the fingerprint identification module needs to satisfy more users and it is hard for module to balance the recognition rate and the pass rate. Samsung should make their best effort to strengthen security through continuous improvement and updates to enhance biometric authentication functions.

Hardware protection: trusted computing environment and resource isolation


Hardware protection: trusted computing environment and resource isolation

The best way to protect your private information on your phone is to build a trusted computing environment inside it. Each manufacturer has a different strategy for TEE isolation.


The best way to protect your private information on your phone is to build a trusted computing environment inside it. Each manufacturer has a different strategy for TEE isolation.

iPhone 8/8 Plus Fingerprint Boost IC Replacement

Since Apple A7, Apple has adopted a self-developed isolation system called Security Enclave. As a separate processor handling biometric information, the Enclave stores encryption keys used to lock down the biometric data. Thus makes it difficult for hackers to decrypt sensitive information without physical access to the device. Compared to Apple, Samsung adopted a completely different design in TEE isolation. The built-in mobile security platform Knox is applied to isolate sensitive data. Between the sensitive data storage and the main system, Samsung designed a fuse. The E-fuse will be set if the phone is booted or a swipe is detected. As thus, Samsung created a trusted computing environment physically.

What about other cell phone manufacturers?


Samsung Intelligent Fingerprint Scan Being Fool Again

Photo by the INQUIRER

Also in October Google came under fire for its Pixel 4 facial recognition unlock feature, which would unlock your phone, even if your eyes were closed. Google issued a media statement quickly that the glitch will be fixed in a software update that will be delivered in the “coming months.”

like

0

Comment

0

rewa
Write a comment
emoji
rewa
Comment
No Comments

No Comments

ABOUT REWA

REWA is a world leading electronics repair business solutions provider who was founded in 2008 in HongKong. We are committed to delivering one-stop services covering Sourcing Solution, Technical Support Solution as well as Recycle & Resell Solution.

FOLLOW REWA