Samsung Q&A: what’s gone wrong with its security

Flagship phone has a fingerprint reader issue

Samsung’s flagship phones use an ultrasonic fingerprint reader located underneath the screen to identify your registered fingerprints and unlock your phone without a password

Samsung’s flagship phones use an ultrasonic fingerprint reader located underneath the screen to identify your registered fingerprints and unlock your phone without a password

 

Another week another tech issue. This time it’s Samsung in the firing line as it turns out its flagship phones may have a security flaw – or at least the fingerprint reader.

What exactly is the problem?

Samsung’s flagship phones use an ultrasonic fingerprint reader located underneath the screen to identify your registered fingerprints and unlock your phone without a password. The ultrasonic technology uses soundwaves to read fingerprint ridges and builds a 3D picture of your fingerprint. It was supposedly more secure than the optical fingerprint reader and more reliable because it works even when your fingers are dirty or wet.

However, it turns out a flaw in the system made it possible for unregistered fingerprints to unlock the phone when paired with a screen protector.

Why was that a problem?

Aside from the privacy implications of anyone being able to poke around in your phone, the fingerprint reader could also be used for access to certain apps, including banking apps and mobile wallets such as Android Pay and Samsung Pay.

What phones does it affect?

The vulnerability only affects Samsung’s phones with the ultrasonic fingerprint reader. That was only introduced earlier this year for the Galaxy S10 and S10+, with the Note 10 and 10+ also using the technology when it launched in September.

What is Samsung doing about it?

Samsung said it will issue a security update next week that will address the flaw. Until then, it has suggested users remove third party screen protectors and delete and re-enroll fingerprints.

What can I do in the meantime to make sure my phone is secure in the meantime?

If you are concerned that your biometric information could be spoofed, simply disable the option to use it. Samsung doesn’t make it essential to use the fingerprint reader; you have the option to set a pattern to unlock your phone or a passcode. Just make sure your password is something difficult to guess, and not 666666.