Days after the announcement that the new Samsung Galaxy S10 will integrate a cryptocurrency wallet, the said wallet has been reportedly hacked, implying that the Samsung Galaxy S10 is apparently a lot less secure than intended.
Samsung announced that its latest S10 model would integrate a secure blockchain wallet that can store private keys for crypto assets, during February this year. However, the excitement caused in the market due to the news has had been halted by a new video posted on Imgur that illustrates how darkshark, a security researcher and a hacker bypassed the mobile device’s biometric security system to unlock the phone.
darkshark shows an elaborate scheme on how the phone’s built-in ultrasonic fingerprint sensor can be fooled via a by using a 3D model of a fingerprint. The whole of the printing process took approximately 13 minutes to print after an even longer process that involves photographing an original fingerprint, doctoring the image in Photoshop, creating a 3D model and, finally, printing it.
According to darkshark, he used his smartphone to photograph his own fingerprint that was left on a wine glass.
“It took me 3 reprints trying to get the right ridge height (and I forgot to mirror the fingerprint on the first one) but yeah, 3rd time was the charm. The 3D print will unlock my phone… in some cases just as well as my actual finger does.
This brings up a lot of ethics questions and concerns. There’s nothing stopping me from stealing your fingerprints without you ever knowing, then printing gloves with your fingerprints built into them and going and committing a crime. If I steal someone’s phone, their fingerprints are already on it. I can do this entire process in less than 3 minutes and remotely start the 3d print so that it’s done by the time I get to it. Most banking apps only require fingerprint authentication so I could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone.”
darkshark further cautioned users that:
“If I stole your phone…your fingerprints are currently on it.”
“I actually distorted my fingerprints before posting this, so no, you can’t use this same technique against me lol.
This was just an experiment and I’m not going to dive much further into biometric physical hacking or anything. Just thought it was an interesting idea and it happened to work very well.”
Image source – Stock Photo Secrets