The user of the Imgur service cheated the fingerprint scanner of the Samsung Galaxy S10 by making a copy of his fingerprint on a 3D printer. He noted that the copy was made on the basis of a fingerprint left on a glass of wine.
The traditional method of protecting a smartphone against unauthorized access is considered a password. But in recent years, almost all smartphone manufacturers have started to equip their devices with biometric scanners. Most of these devices scan a fingerprint pattern, but there are more unusual systems, for example an iris scanner on Samsung smartphones, an infrared 3D face scanner on Apple smartphones or a vein palm scanner on LG smartphones. Because the fingerprint, iris and other parts of the body have dozens and hundreds of parameters that are individual to each person, manufacturers call such security methods reliable. Researchers in the field of information security, however, quickly find ways to get around these methods after the announcement of new smartphones.
The Samsung Galaxy S10 smartphone line was introduced at the end of February 2019 and one of the differences between the older models S10 and S10 + of other smartphones was that they were using the ultrasound fingerprint scanner built into the screen for the first time. The difference between this scanner and optical scanners integrated into the screen is that it works thanks to the transmitted sound waves, which allow you to create a three-dimensional model of a print instead of a flat image. According to Samsung, this increases the reliability of the scanner and makes it more resistant to attacks.
Imgur user under the nickname darkshark showed that this scanner can still be fooled and in a fairly simple way. As a source of data, he took the imprint of his thumb, left it on a glass of wine, and shot on a smartphone. For example, he demonstrated that such an attack can be carried out in real, not in laboratory conditions. After receiving a snapshot, darkshark made its binary black-and-white version and then created a 3D model that represents the relief of a fingerprint. He printed this model on a 3D stereolithographic printer in the form of a thin transparent polymer plate.
The Samsung Galaxy S10 tried to fool the ultrasonic fingerprint scanner by using 3d printing. It worked.
To unlock the smartphone, it turned out to be enough to lean the plate against the scanning area and press it with your finger. The author said he had to print three versions of the plate because he could not immediately find the desired depth of the grooves on the print. It is worth noting that this is not the first biometric method to protect the Galaxy S10, which we have easily avoided. In the past, for example, the face recognition system in the image of the camera could be misled by showing her a photo or video with the face of the owner opened on another smartphone.
In addition, previous researchers were able to fool biometric scanners on other mobile devices. For example, the Galaxy S8 iris scanner was misled by photography and a contact lens, the FaceID face scanner on the iPhone was bypassed with a 3D printed face model, and the Windows Hello infrared scanner could not distinguish a real face from a simple A4 print.