Here Is Samsung’s Official Statement on the Fingerprint Sensor Vulnerability
Samsung's ultrasonic fingerprint sensors have drawn a lot of flak ever since they made their debut alongside the Galaxy S10 series. An ultrasonic sensor is, by principle, slower than an optical one, as the former relies on sound waves propagating through the material interface, whereas the latter relies on light. Not only is it a tad slower, it is also less secure, as demonstrated by yesterday's vulnerability, which affected Galaxy S10 and Note 10 devices. The ultrasonic fingerprint sensors on the smartphones could be tricked into unlocking the phone via any fingerprint. All one needs to do is add a glass-based screen protector that uses liquid adhesive on top. In an ideal world, a nearly $1,000 smartphone shouldn't be undone by a $10 glass protector, but here we are. Today, Samsung issued an official statement about the issue. According to their official press release:
This issue involved ultrasonic fingerprint sensors unlocking devices after recognizing 3-dimensional patterns appearing on certain silicone screen protecting cases as users’ fingerprints. To prevent any further issues, we advise that Galaxy Note10/10+ and S10/S10+/S10 5G users who use such covers to remove the cover, delete all previous fingerprints and newly register their fingerprints. If you currently use front screen protective covers, to ensure optimum fingerprint scanning, please refrain from using this cover until your device has been updated with a new software patch. A software update is planned to be released as early as next week, and once updated, please be sure to scan your fingerprint in its entirety, so that all portions of your fingerprint, including the center and corners, have been fully scanned.
Samsung's official statement gives us little in the way of an explanation and merely tells users not to use non-plastic screen protectors. It also advises affected users to delete any existing fingerprints and rescan them after the software fix has been rolled out, which should be sometime next week.
What exactly caused the fingerprint sensor vulnerability?
The problem is caused by certain silicone and glass covers that have a 3-dimensional pattern. Every fingerprint leaves behind a unique pattern that relies on the finger's ridges and pores. The sensor uses ultrasonic waves to read the ridges and pores of the fingerprint and matches them with the one stored on the device to provide access. Due to the presence of the silicone layer, the sound waves reflected off a finger's ridges are not captured properly. The sensor gets a reading from the cover instead of the finger. As a result, one can unlock a device with such a case by just pressing down on the fingerprint reader, as the pattern generated by the case isn't going to change regardless of the finger.
We're not entirely sure how a software update is supposed to fix a problem that stems from the laws of physics. Sound waves will always behave differently when a new layer is introduced, and no amount of software fixes can account for that. Ultrasonic fingerprint sensors have their benefits as they cannot be fooled by a high-quality photo or scan of a fingertip.