A major security vulnerability has been discovered on the Galaxy S10 and Note 10 series that allows one to bypass the fingerprint scanner even if their fingerprint is not registered with the device. This happens when certain gel-based screen protectors are applied on the Galaxy S10’s display.
The Galaxy S10 and Note 10 series feature an ultrasonic in-display fingerprint scanner that is very different from the optical in-display fingerprint scanner found on the likes of the OnePlus 7 Pro and Huawei P30 Pro. One of the limitations of an ultrasonic fingerprint scanner is that it does not work with third-party tempered screen protectors. This is the reason why Samsung sells these phones with a screen protector pre-applied.
However, most users do end up replacing the default screen protector and as one user found out, using a cheap gel-based screen protector is actually not good from a security viewpoint.
A Galaxy S10 owner in the UK got a cheap £2.70 screen protector from eBay for her Galaxy S10 and later discovered that her husband was able to access her phone by scanning his thumbs even though his fingerprint was not registered. This happens because gel-based screen protectors leave a small gap between the display and the scanner which ends up interfering with the scanning process.
Samsung has already acknowledged the issue and while it has put the blame on the cheap screen protector, it promises to resolve the issue with a future software update. While the issue occurred with the Galaxy S10, it is also applicable for the Galaxy Note 10 since it also features the same ultrasonic fingerprint scanner.
When the Galaxy S10 was first launched, Samsung highlighted its ultrasonic in-display fingerprint scanner as being more secure than the competition. However, the fingerprint scanner was widely panned for being slow and as this incident shows, it does not really seem to offer much in terms of security as well.[Via BBC]