A report from Forbes detailed how one hacker was able to bypass the fingerprint scanner on a Samsung Galaxy S10.
Sure, the hack was tedious to pull off and required a 3D resin printer, but the fact of the matter is that the supposedly unhackable and secure fingerprint scanner was bypassed. According to the report, the hacker basically used a photo of his own fingerprint.
“...the researcher (going by the name of darkshark9) was able to use a photograph of his fingerprint from a wine glass and, using Photoshop, create an alpha mask from it. This mask was then exported to 3ds Max software in order to create a geometry displacement to get a highly-detailed and raised 3D model. It was then just a matter of printing that model from his AnyCubic Photon LCD resin printer which has an accuracy-level down to 10 microns. This ensured all the ridges of the fingerprint were properly rendered. The time to print was 13 minutes, after which the resulting fake fingerprint opened the Galaxy S10 every time. I said earlier that the hacker had fooled the scanner, but actually this isn't really the case as the cloned fingerprint is exactly the same as the original so the scanner was recognizing that which it had been instructed to.”
Should we be worried? I think so. More so if you’re someone who carries sensitive data in your phone. But then again, we all consider our phones to be carrying sensitive data because whatever is in our phones is all very personal to us. So, yes, sensitive. In turn, it’s best to keep this in mind. I think that doing so raises our level of awareness in relation to keeping ourselves digitally secure.
On the lighter side, let’s not forget that the process of hacking the S10’s ultrasonic fingerprint scanner involves a lot of steps, and one must have the technical know-how to execute it. And let’s not forget that there’s a 3D printer involved. If your S10 (or whatever phone employs ultrasonic fingerprint scanning) gets stolen, whoever stole it must be targeting you in the first place and must have all the needed equipment beforehand.
You really must be someone for someone with nefarious intentions to intentionally target you. And that’s intense. I’d imagine you to be someone who carries the secret formula to an elixir to stay young and healthy or something like that.
Anyway, I’d still recommend that you lock your phone with a traditional passcode and make sure that the passcode is more than 4 digits long. All the better if you use a passphrase. I’m not sure if that’s possible on an Android device. I know it can be done on an iOS device though. I’ve written several articles in the past already about how to put together a passcode or password or passphrase. The key idea there is to make sure that your security pass is longer than your usual “password” password.