A hacker under the pseudonym of DarkShark has managed to hack the Samsung Galaxy S10, circumventing the biometric security system used by the popular high-end cell phone.
In a post published on Imgur, DarkShark shared with his followers a video in which he demonstrates how he succeeds in unlocking the Samsung Galaxy S10 with a replica of a fingerprint created with a 3d printer.
Darkshark filmed himself wearing latex gloves to hide his fingerprints. He then pressed on a sheet that had a replica of a fingerprint printed on resin, which successfully unlocked the phone. He explained that the height of the ridges of the fingerprint was set to levels close to 10 microns.
The hacker commented that there is a potential danger in the use of this biometric tech since the method not only serves to unlock the phone but could serve to bypass any type of security that uses the biometric system as its primary resource. This leaves most banking applications that only need fingerprints to process transactions vulnerable:
If I steal someone’s phone, their fingerprints are already on it. I can do this entire process in less than 3 minutes and remotely start the 3d print so that it’s done by the time I get to it. Most banking apps only require fingerprint authentication so I could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone.
The hacker added that this hack obviously would make the crypto wallet built in every Galaxy s10 vulnerable, explaining that it is always advisable to take as many precautions as possible:
If your crypto wallet is only secured via fingerprint then yeah you can abuse that. The whole point of this article is to let you all know that biometrics are not a safe way of securing your information. Use a complex password if you have things to keep safe
In addition, he explained that the process can be done in less than 3 minutes, commenting that it can even be executed remotely.
So far Samsung has not commented on the DarkShark article. At first glance, it seems that this problem could not be fixed via software.