Earlier this week, a Galaxy S10 user discovered that her husband was able to unlock her phone despite the fact that his fingerprint hadn’t been registered with the device. It turns out that the ultrasonic fingerprint sensor on the S10 can recognize the 3D patterns that appear on certain silicone screen protectors as fingerprints, which means that anyone can unlock the phone if the fingerprint was registered when the screen protector was on.
Once news of the issue began to spread, Samsung quickly notified the press that it was working to resolve the issue as quickly as possible, and on Friday, the South Korean company released a full statement.
In addition to confirming that a software update to address the issue will be out as early as next week, Samsung also suggested that anyone who uses a screen protector should remove it and re-scan their fingerprints:
To prevent any further issues, we advise that Galaxy Note10/10+ and S10/S10+/S10 5G users who use such covers to remove the cover, delete all previous fingerprints and newly register their fingerprints.
If you currently use front screen protective covers, to ensure optimum fingerprint scanning, please refrain from using this cover until your device has been updated with a new software patch.
A software update is planned to be released as early as next week, and once updated, please be sure to scan your fingerprint in its entirety, so that the all portions of your fingerprint, including the center and corners have been fully scanned.
We have written about workarounds and flaws affecting biometric security methods in the past, but this is among the more serious issues we’ve ever encountered. It’s impossible to know how many Galaxy S10 users this actually could have affected, but the fact that anyone was able to unlock the phones just because they made the mistake of using a crummy screen protector is stunning. Hopefully the technology will continue to improve.