Samsung admits to major security flaw in its phones that lets anyone bypass fingerprint sensors

The flaw is especially worrisome because fingerprint sensors not only unlock Samsung phones, but also enable payments through the company’s Samsung Pay system.
Image: Samsung Galaxy S10
The ultrasonic fingerprint scanner embedded into the screen of a Samsung Galaxy S10 5G enabled phone, in London.Yui Mok / PA Images via Getty Images file

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
SUBSCRIBE
/ Source: CNBC.com
By Todd Haselton, CNBC

Samsung on Friday explained a major security flaw that affects its Galaxy S10 and Galaxy Note 10 family of phones. The flaw, which surfaced on Thursday, could potentially let anyone’s fingerprint unlock a phone.

This issue involved ultrasonic fingerprint sensors unlocking devices after recognizing 3-dimensional patterns appearing on certain silicone screen protecting cases as users’ fingerprints,” Samsung said, referring to the in-screen fingerprint reader on its newest phones. “To prevent any further issues, we advise that Galaxy Note10/10+ and S10/S10+/S10 5G users who use such covers to remove the cover, delete all previous fingerprints and newly register their fingerprints.”

CNBC was unable to recreate the flaw on a demo Galaxy Note 10 device, but it seems that it requires a silicone case that also protects the screen. CNBC tested using a third-party screen protector and with a clear plastic case placed over the screen. Still, Samsung warns against using any front screen protective cover for now.

“If you currently use front screen protective covers, to ensure optimum fingerprint scanning, please refrain from using this cover until your device has been updated with a new software patch,” the company said.

“A software update is planned to be released as early as next week, and once updated, please be sure to scan your fingerprint in its entirety, so that the all portions of your fingerprint, including the center and corners have been fully scanned.”

The flaw is especially worrisome because fingerprint sensors not only unlock Samsung phones, but also enable payments through the company’s Samsung Pay system.