Remember meForgot password?
    Log in with Twitter

article imageThe reason behind the Samsung fingerprint spoof Special

By Tim Sandle     Oct 24, 2019 in Technology
A major weakness with Samsung devices was recently highlight - hackers can use screen protectors to allow for any fingerprint to be used to unlock any Samsung smartphone. Philipp Pointner, Chief Product Officer, Jumio provides analysis.
It was recently discovered that any person can unlock a Samsung Galaxy S10 with their own fingerprint. This applies even if the device is not registered with the security software. The fault arose when someone discovered that by adding a screen protector to the smartphone, the fingerprint sensor stopped working properly.
Then after applying a $3 gel screen protector any person could unlock a device with any finger, even when the digits are not registered. Further investigation found the issue to affect most Samsung devices.
To explore the weakness further, Digital Journal spoke with Philipp Pointner, Chief Product Officer, Jumio. Outlining the issue, Pointner explains: "This means any person can unlock the device and access its data and any other apps opened by the biometric security."
Fingerprint scanning technology could become common-place.
Fingerprint scanning technology could become common-place.
It also questions just how secure are biometrics, according to Pointner? "Smartphone manufacturers have been implementing advanced features for users to secure their devices, using fingerprint readers, face mapping, and even sensors that map out the veins in the palm of your hand, but device-centric approaches like fingerprint sensors are inherently problematic."
Pointner also notes that there is a fundamental conceptual design weakness with the way biometrics have been configured on such devices. He notes that: "The biggest issue is that these fingerprint sensors are easily spoofed and cannot be relied on for commercial authentication use cases, but this approach also suffers from several other limitations. Multiple people can register their fingerprints on the same device, which means it’s unclear which family member was behind a given commercial transaction."
This also throws up a major risk if a device is stolen, as Pointner says: "If the device is lost or stolen, the ability to recover access to their online accounts is challenging."
In terms of wider lesions for the technology sector, Pointner recommends facial recognition over finger print scanning: "For any organization looking for enterprise-grade security, spoof-proof detection, and cross-device support, face-based authentication is inherently superior to fingerprint-based methodologies."
Here technology has advanced: "Certain cloud-based approaches can leverage the 3D face map of a user's face to alleviate some of the shortcomings of fingerprint-only authentication methods. Features like certified liveness detection add another layer of protection, rendering the solution practically spoof-proof. These options create a digital chain of trust to a unique user and can be used across devices."
More about Biometric, Fingerprint, Spoof, Hacking, Cybersecurity
Latest News
Top News