Phone giant Samsung has been hit with another security breach after users found the Galaxy S10 model allows anyone to unlock the devices when covered in third-party screen protectors.
Now banks have withdrawn fingerprint authentication support on the smartphones after the glitch was revealed last week.
Natwest and Nationwide have withdrawn support after it was discovered that anyone was able to unlock devices – not just the device’s owner with their registered digit.
Owners of Samsung’s devices have been warned about the phone’s innovative in-display fingerprint reader when certain accessories are attached.
Samsung has confirmed the fingerprint bypass vulnerability is affecting Galaxy Note 10, Note 10+, S10, S10+, and S10 5G models. The company has promised to release a software update to fix the glitch soon. Users will then need to rescan their fingerprints.
Glitch
A British woman was the first to discover the glitch on her Samsung device. Mother Lisa Neilson said she purchased a £2.70 screen protector from eBay which exposed the flaw.
Speaking to The Sun, she said: “This means that if anyone got hold of my phone they can access it and within moments could be into the financial apps and be transferring funds.”
The S10’s in-display fingerprint reader was heralded as an “amazing” piece of kit when it was first launched.
One of the primary issues with the S10’s in-display reader is that it is difficult to get it to work reliably through a screen protector.
One tech insider said that when a protector is positioned over the Qualcomm ultrasonic fingerprint reader, it appears to be in direct contact with the display, but “the adhesive used to keep it all together creates a very thin gap that is just thin enough to throw off the ultrasonic scanner.”
The issue is that the reader “uses sound pressure waves to read the 3D surface area of your finger—but those sound waves are a big problem when it comes to tempered glass screen protectors because if there are any gaps between your screen protector and your display, the ultrasonic waves can’t get an accurate reading.”
Manufacturers have now developed a cheap gel protector that seems to record user fingerprints to ensure the device unlocks each time. This means anyone can access an S10 device with the protector attached.
Banking
The software breach represents a problem for users of Samsung Pay, the payment app that runs on the device and connects to people’s regular bank accounts.
Nationwide has already disabled support for fingerprint authentication and Natwest has already removed its banking apps from the Google Play Store for users of Galaxy S10 and S10+ devices. Other banks, such as HSBC, have not yet said what action, if any, they will take.
Natwest said in a message sent to affected users: “We’ve removed the app from the Play Store with customers with Samsung S10 devices.
“This is due to reports that there are security concerns regarding these devices. We hope to have our app available again once the issue has been resolved.”
Banks worldwide are also taking action. Reddit users claimed that a bank in the US had blocked them from using Samsung Pay.
Samsung
Samsung has since said that its ultrasonic scanners can mistakenly read 3D patterns within a screen protector as a fingerprint. That means when any fingerprint is pressed on the scanner, it will identify the same pattern and therefore unlock the phone, even if the individual’s print is different.
The company has cautioned that customers should use “Samsung authorized accessories, specifically designed for Samsung products.”
It has said it is working to solve the issue. The Samsung S10e is not affected. That’s because the device comes with a physical fingerprint reader on its side.
In a statement they said: “Samsung Electronics is aware of the case of the S10’s malfunctioning fingerprint recognition and will soon issue a software patch.”
They also said that S10 and Note 10 owners should remove any covers that can trick the sensor to restore their phone’s security.
“This issue involved ultrasonic fingerprint sensors unlocking devices after recognising 3-dimensional patterns appearing on certain silicone screen protecting cases as users’ fingerprints.
“To prevent any further issues, we advise that Galaxy Note10/10+ and S10/S10+/S10 5G users who use such covers to remove the cover, delete all previous fingerprints and newly register their fingerprints.”