Samsung Galaxy S10 fingerprint sensor defeated by a $ 450 3D printer

This year, in the world of fingerprint sensors for smartphones, Qualcomm's built-in ultrasonic digital fingerprint reader, the 3D sonic sensor, is expected to be widely adopted. The first phone with the new sensor, the Samsung Galaxy S10, has been in the wild for about a few weeks now, and users are already looking for ways to defeat it.

Imgur user "darkshark" presents a convincing way to outsmart the sensor: take a fingerprint on an object like a wine glass, add depth to a 3D editing software, and then print it on a 3D printer. Specifically, darkshark used the Anycubic Photon 3D printer, a resin-based stereolithographic printer that can be purchased for less than $ 450. (You could buy two at the price of a Galaxy S10 +!) A video in the Imgur post shows the unlocking of the S10 with the facsimile of the printed finger, which looks a bit like a glass microscope slide.

Fingerprint sensors work by measuring and storing the ridges and troughs of your finger. Various types of smartphones have been integrated over the years. The most common is a "capacitive" sensor, which is an opaque camera-mounted sensor located at the back of most Android phones. These sensors would measure the electrical capacity of your finger, allowing it to detect the peaks and troughs of your finger by changing the electrical charge on the pad. Since it is difficult to replicate the electrical qualities of human skin at home, especially with the level of detail of a fingerprint, capacitive fingerprint sensors are the most difficult to crack on the plane. logistics.

The move to on-screen fingerprint readers means that we have two new sensor technologies on the market: optical and ultrasonic. An optical fingerprint sensor, especially bundled with the OnePlus 6T, works exactly as its name suggests: there is a CMOS chip on the screen that takes a picture of your finger. As it is an image, it is a 2D representation of your fingerprint and most people have the means to reproduce 2D images at home. Ultrasonic fingerprint readers emit a sound with your finger and measure what comes back to the phone. This technology is considered safer than optics because it requires a 3D scan of the fingertips.

Apparently, the Qualcomm sensor does not do much with the third dimension because darkshark claims that a 2D photo of a fingerprint left on a wine glass contained all the dimensionality needed to deceive the sensor. It makes sense that the third dimension is not so important: it will change constantly when you crush your finger against the glass of the screen with different pressure levels.

Any biometric technology can be deceived, it is simply the logistical difficulty of obtaining the source data and reproducing it. Taking a photo of a fingerprint and reproducing it with a consumer printer is one of the most plausible solutions. Impossible missionstyle of embers. On the less plausible end, we have something like the dubious claims of building a whole life-sized head to fool Apple's Face ID. Whether these sophisticated and targeted identity theft attacks can deceive these technologies, it is not the issue that matters – that it is not biometrics. They are there only to find a balance between security and convenience, enough to deter street theft or prevent indiscreet information from your personal data. If you really think that it is possible that someone uses this advanced spycraft on your phone in real life, simply use a very long password instead.