- Someone has figured out how to spoof the Samsung Galaxy S10's ultrasonic fingerprint sensor.
- It involves a photo of a fingerprint, Adobe Photoshop, 3D printing software, and a 3D printer, and it seems incredibly easy to do.
- Fingerprint sensors, no matter how new the technology, have proven relatively easy to hack so far, posing concerns for security and privacy.
- Visit Business Insider's homepage for more stories
A Galaxy S10 owner with a 3D printer and a photo of his own fingerprint was able to spoof the ultrasonic in-display fingerprint sensor on his smartphone - and he said he can do it in "15 minutes."
Reddit user "u/darkshark9" took a photo of his own fingerprint from a wine glass, edited the photo in Photoshop to highlight his fingerprint's ridges, put the photo into his 3D printing software, and printed his fingerprint, complete with 3D ridges, onto a piece of plastic using his 3D printer. You can check out all the redditor's photos of the process on Imgur.
The redditor says the printing time takes 13 minutes.
The redditor said that the Galaxy S10's ultrasonic fingerprint sensor needs capacitive input, which means he needed to press the plastic 3D-printed version of his fingerprint onto the fingerprint sensor itself with a part of his hand, like his knuckle or fingertip. Simply placing the plastic piece onto the Galaxy S10's fingerprint sensor doesn't work.
Check it out in action:
One commenter on a separate Instagram post about the spoof said: "I've had copies of keys made for doors and they unlocked the lock too." In a way, 3D printing a fingerprint to unlock a phone with an ultrasonic fingerprint sensor isn't dissimilar to getting keys replicated for a door lock.
The redditor said that he could obtain a fingerprint from any phone, even if it was stolen, as the owner's fingerprints are likely all over the phone and could be photographed to be 3D printed.
Given how easy it is to spoof fingerprint sensors, the redditor's discovery poses a worrying prospect. Anyone with a 3D printer and a little know-how could unlock a phone. Even sensitive apps that use fingerprints to unlock can be spoofed, like a banking app.
Indeed, the redditor said: "I could likely go from phone stolen to working 3d print in 10 minutes or less. Since you'd need to go home to report the theft (since you no longer have a phone) and begin the remote lock/wipe process I'd bet money that I could use your phone/bank account before you were able to close it."
At the end of the day, the redditor said, he did this as an experiment and to highlight that fingerprint sensors aren't a safe method to lock your phone. Older types of fingerprint sensors have also been hacked before with putty. Some researchers have even simply printed out out a high-resolution photograph of a fingerprint onto paper to unlock a phone.
Perhaps the most secure method to lock your phone is with 3D facial recognition, like the iPhone's Face ID feature. But even Face ID can be hacked with a custom mask. Still, making a custom mask is a far more involved process than 3D printing a fingerprint onto a piece of plastic.