قالب وردپرس درنا توس
Home https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Technology https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Samsung Galaxy S10 Fingerprint Scanner Hacked

Samsung Galaxy S10 Fingerprint Scanner Hacked




<div _ngcontent-c14 = "" innerhtml = "

Getty

One of the big new feature announcements with the launch of the Samsung Galaxy S1

0 smartphone was the all new 'in-display' fingerprint scanner for the S10 and S10 + models. It was not just the convenience of having the scanner built into the screen that was being pushed by Samsung, but the additional security offered by the ultrasonic fingerprint sensor rather than the traditional optical reader. This was, we were assured, capable of creating an intricate 3D map of your fingerprint which meant only you, and you alone, could unlock your phone. Now it seems that Samsung has just been proved wrong with a security investigator showing how he fooled the fingerprint scanner with a 3D-printed copy.

How does the ultrasonic fingerprint work?

The difference with the ultrasonic fingerprint scanner in the Galaxy S10 and S10 + smartphones compared to the more traditional capa Citive scanners is that it can capture a 3D image rather than a 2D one. By using very high-frequency ultrasonic soundwaves, the scanner can map a fingerprint into a quite astonishing detail which includes things like ridges and pores as well as just the 'flat' patterns we are used to seeing. It does this by transmitting a pulse of ultrasonic sound against your finger and then analyzing the pressure of the pulse that gets bounced back from it. Each fingerprint will absorb different amounts of wave pressure, for a simpler way of describing the process, so a unique 3D map will be created. A map that captures the depth data across the various points of the scanner, making the resulting map very detailed in all dimensions. So far, so good. So, what went wrong?

How did the hacker break the scanner?

The truth is that nothing went wrong as far as the scanner was concerned, it did its job as intended. Unfortunately, the researcher (going by the name of darkshark9) was able to use a photograph of his fingerprint from a wine glass and, using Photoshop, create an alpha mask from it. This mask was then exported to 3ds Max software in order to create a geometry displacement to get a highly detailed and raised 3D model. It was then just a matter of printing that model from his AnyCubic Photon LCD resin printer, which has a precision level down to 10 microns. This ensured that all the edges of the fingerprint were properly rendered. The time to print was 13 minutes, after which the resulting fake fingerprint opened the Galaxy S10 every time. I said earlier that the hacker had fooled the scanner, but actually this is not really the case, since the cloned fingerprint is exactly the same as the original, so the scanner recognizes that it was instructed to.

 

And the real-world risk to us?

Well, that really depends who you are, what data is on your phone and just how much someone wanted to access it. While darkshark9 states that " there's nothing stopping me from stealing your fingerprints without you knowing " and further that " if I steal someone's phone, their fingerprints are already on it " the truth is that this would require a perfect alignment of circumstances. For some very high profile individuals there is, indeed, a risk from such an attack scenario. However, for the average Jo (anne) there's no really a lot to worry about here. Sure, if someone stole your phone they could in theory get access not only to your personal data but also your bank account, as most of them now rely on fingerprint ID to authenticate the user to the app. That's assuming that the person who stole it also has 3D printer and technical skills to create the clone fingerprint along with the desire to do this, which is quite a premise to make.

Should I stop using my fingerprint? [19659004] No, that would not be advisable in my never humble opinion. There is always going to be a trade-off between convenience and security, which is why most folks do not use a PIN or password. Both security authentication methods are generally considered more secure than fingerprint biometrics by most security experts, but both have more trouble in terms of remembering and inputting the code. Which is why many people have their phones unlocked all the time, requiring no such authentication in the first place. Biometrics such as face and fingerprint recognition overcome this by being 'secure enough' for most people, without adding any user-inconvenience to the mix. & Nbsp; " The whole biometric authentication movement on consumer electronics level will never be very secure " Ian Thornton-Trump, head of cybersecurity at AmTrust Europe agrees, telling us " I'm not a fan of facial recognition, voice recognition or fingerprint authentication but consumers are and that's not bad thing. " I'd definitely always recommend a fingerprint protected device to one with no protection. I'd always recommend a fingerprint protected device to one with no protection. That advice stays the same in the light of the Galaxy S10 hack. In fact, even darkshark9 himself says that the ultrasonic fingerprint scanner of the S10 is probably safer than the optical or capacitive sensors of other smartphones. " optical sensors can be tricked with a simple scan and paper print of a fingerprint " he notes, " ultrasonic can not. " As reported here at Forbes last month, the fingerprint scanner is certainly more secure than the facial recognition which can be beaten by a video of the owner placed in front of the smartphone.

I approached Samsung for a comment but none was forthcoming at the time of publication. If this changes, I will update the story in due course.

">

One of the big new feature announcements with the launch of the Samsung Galaxy S10 smartphone was the all new 'in-display' fingerprint scanner for the S10 and S10 + models. It was not just the convenience of having the scanner built into the screen that was pushed by Samsung, but the additional security offered by ultrasonic fingerprint sensor, rather than the traditional optical reader. This was, we were assured, able to create an intricate 3D map of your fingerprint which meant only you and you alone could unlock your phone. Now it seems that Samsung has just been proved to be wrong as a security researcher showed how he fooled the fingerprint scanner with a 3D-printed copy.

How does the ultrasonic fingerprint work?

The difference with the ultrasonic fingerprint scanner in the The Galaxy S10 and S10 + smartphones compare with the more traditional capacitive scanners is that it can capture a 3D image rather than a 2D one. By using very high-frequency ultrasonic soundwaves, the scanner can map a fingerprint into a quite astonishing detail which includes things like ridges and pores as well as just the 'flat' patterns we are used to seeing. It does this by transmitting a pulse of ultrasonic sound against your finger and then analyzing the pressure of the pulse that gets bounced back from it. Each fingerprint will absorb different amounts of wave pressure, for a simpler way of describing the process, so a unique 3D map will be created. A map that captures the depth data across the various points of the scanner, making the resulting map very detailed in all dimensions. So far, so good. So, what went wrong?

How did the hacker break the scanner?

The truth is that nothing went wrong as far as the scanner was concerned, it did its job as intended. Unfortunately, the researcher (going by the name of darkshark9) was able to use a photograph of his fingerprint from a wine glass and, using Photoshop, create an alpha mask from it. This mask was then exported to 3ds Max software in order to create a geometry displacement to get a highly detailed and raised 3D model. It was then just a matter of printing that model from his AnyCubic Photon LCD resin printer, which has a precision level down to 10 microns. This ensured that all the edges of the fingerprint were properly rendered. The time to print was 13 minutes, after which the resulting fake fingerprint opened the Galaxy S10 every time. I said earlier that the hacker had fooled the scanner, but actually this is not really the case, since the cloned fingerprint is exactly the same as original, so the scanner recognizes that it was instructed to.

And real -world risk to me?

Well, that really depends who you are, what data is on your phone and just how much someone wanted to access it. While darkshark9 states that "there's nothing stopping me from stealing your fingerprints without you knowing" and further that "if I steal someone's phone, their fingerprints are already on it", it's true that this would require perfect alignment of circumstances. For some very high profile individuals there is, indeed, a risk from such an attack scenario. However, for the average Jo (anne) there's no really a lot to worry about here. Sure, if someone stole your phone they could in theory get access not only to your personal data but also your bank account, as most of them now rely on fingerprint ID to authenticate the user to the app. That's assuming that the person who stole it also has 3D printer and technical skills to create the clone fingerprint along with the desire to do this, which is quite a premise to make.

Should I stop using my fingerprint? [19659004] No, that would not be advisable in my never humble opinion. There is always going to be a trade-off between convenience and security, which is why most folks do not use a PIN or password. Both security authentication methods are generally considered more secure than fingerprint biometrics by most security experts, but both have more trouble in terms of remembering and inputting the code. Which is why many people have their phones unlocked all the time, requiring no such authentication in the first place. Biometrics such as face and fingerprint recognition overcome this by being "secure enough" for most people, without adding any user-inconvenience to the mix. Ian Thornton-Trump, head of cybersecurity at AmTrust Europe agrees, telling me "I'm not a fan of facial recognition, voice recognition or fingerprint authentication. but consumers are and that's not a bad thing. " I'd definitely always recommend a fingerprint protected device to one with no protection. I'd always recommend a fingerprint protected device to one with no protection. That advice stays the same in the light of the Galaxy S10 hack. In fact, even darkshark9 himself says that the ultrasonic fingerprint scanner of the S10 is probably safer than the optical or capacitive sensors of other smartphones. "Optical sensors can be tricked with a simple scan and paper print of a fingerprint" he notes, "ultrasonic can not." As reported here at Forbes last month, the fingerprint scanner is certainly more secure than facial recognition, which can be beaten by a video of the owner, placed on the front of the smartphone.

I approached Samsung for comment, but none was available at the time of publication. If this changes, I will update the story in due course.


Source link