Click to Skip Ad
Closing in...

Galaxy S10 has a huge security flaw that lets any fingerprint unlock your phone

Published Oct 17th, 2019 7:31AM EDT
Galaxy S10 Fingerprint
Image: Zach Epstein, BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Anyone who’s keeping close tabs on mobile rumors might remember there was a time before the launch of the Galaxy S10 when reports insisted on the fact that the first smartphone in the world to feature an in-display fingerprint sensor of the optical variety will not work with screen protectors. We saw several leaks that showed screen protectors featuring a circular cutout where the fingerprint sensor would be. Samsung then made it clear that the optical sensor does work with screen protectors, but these accessories need to be certified by Samsung. The implication here was that some third-party screen protectors might make fingerprint recognition harder or impossible. It turns out there was some truth to all of that. Products that aren’t certified by Samsung can mess with the fingerprint recognition system, but in a way we didn’t see coming. Apparently, any fingerprint can unlock the phone, not just the one that’s registered with the handset. Samsung is aware of this massive security issue, and it’s working on a patch.

A British Galaxy S10 owner discovered that her Galaxy S10 can be unlocked by her husband, even though his fingerprints were not registered with the handset. Reuters explains that the issue is apparently caused by a third-party screen protector:

The issue can happen when patterns of some protectors that come with silicone phone cases are recognized along with fingerprints, the South Korean tech giant said in a notice on its customer support app.

South Korean bank KaKaobank instructed customers who own Galaxy S10 phones to stop using the fingerprint sensor to log into its services until the issue is fixed.

If anyone can log into a Galaxy S10 with such ease, then they’d also be able to “hack” the victim’s various accounts that might be secured with biometrics.

As serious as the Issue is, several conditions have to be met for anyone to be hurt. Not only will someone else need to get a hold of your device, but they’ll have to install an unsupported screen protector to then attempt to break into your phone. On the other hand, this particular security issue makes it a lot easier for thieves to potentially target Galaxy S10 owners. If all you need to get into a locked phone is a lousy screen protector, then you could easily disable the handset’s tracking features. Similarly, police could get into phones that may contain evidence without needing to pay for sophisticated hacks.

Samsung will soon roll out a software patch that will fix these problems, Reuters says. The company also told Engadget that it’s investigating the matter, advising customers to only use authorized accessories that were designed for Samsung products.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2007. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming new movies and TV shows, or training to run his next marathon.