Any Thumbprint Unlocks a Galaxy A10

Samsung’s so-called “revolutionary” fingerprint authentication system for the Galaxy A10 phone appears to be offering less than satisfactory results as it is discovered that any thumbprint can unlock one.

Biometric ‘Fail’

South Korean phone giant Samsung has received some unwanted bad publicity for its new Galaxy A10 phone after an article appeared in the Sun newspaper highlighting how a British couple discovered that, after putting a low-priced screen protector (purchased from eBay) on the phone, each other’s thumb print could unlock the phone.

The thumbprint scanner, which uses ultrasound to detect 3D ridges in fingerprints and only is supposed to recognise the thumbprint that has been registered by the user is reported to have recognised both of the thumbprints of user Lisa Neilson and both of her husband.

Patch

Samsung is reported to have acknowledged the fault and to be in the process of preparing a software patch to fix it.

Google Pixel ‘Face Unlock’ Issue

It seems that Samsung isn’t the only company struggling to produce a biometric phone security system that works properly.

The BBC has recently reported that after testing Google’s Pixel 4 phone’s Face Unlock system, it was discovered that with normal default settings on, the phone could be unlocked even if the user’s eyes were closed. The problem with this is that the phone could potentially be unlocked by another unauthorised person while the user is asleep simply by holding the phone in front of the user’s face.

The phone does, however, offer a ‘lockdown’ mode which users can switch to in order to deactivate the facial recognition system altogether.

Biometrics – The Way Forward?

Even though multi-factor authentication is more secure than relying on just a password for authentication, a continued reliance on weak passwords and password sharing by users, coupled with more sophisticated cyber and phone crime techniques mean that there is a strong argument for biometric methods of authentication, and a move towards what Microsoft has recently described as a "passwordless future".

What Does This Mean For Your Business?

Even though biometrics has been shown to make things much more difficult for cyber-criminals to crack, as the A10 and the Pixel 4 security systems illustrate, biometrics have not been 100% successful to date and is still needs some work. In fact, this is not the first time that a Samsung Galaxy has been in the news for a biometric issue. For example, a Reddit user recently claimed to have used a 3D printer to clone a fingerprint and then use that fake fingerprint to beat the in-display fingerprint reader on the Galaxy S10. Also, there was the report of the Twitter user who claimed to have fooled Nokia 9 PureView's fingerprint scanner by using somebody else’s finger, and then just a packet of chewing gum, and of the incident back in May 2017 where a BBC reporter said that he’d been able to fool HSBC’s biometric voice recognition system by passing his brother’s voice off as his own.

There is no doubt that the move away from passwords to biometrics is now underway, but we are still in the relatively early stages.

Posted by Andrew Sewell,

Comments