Samsung patches fingerprint vulnerability in the Galaxy S10, Note10

Samsung has sent out a patch for the Galaxy S10 and Note 10 to fix their fingerprint-reader flaws exposed last week. The phones’ in-screen fingerprint sensors would unlock seemingly for anyone and required simply placing a clear silicon phone case over top of the sensor. Samsung hasn’t released any official communication that the patch is available, but reports have surfaced from both Reuters and Reddit that a patch is out there.
After the news broke last week, Samsung acknowledged some Galaxy Note10 and S10 fingerprint problems in a press release, saying, “This issue involved ultrasonic fingerprint sensors unlocking devices after recognizing three-dimensional patterns appearing on certain silicone screen protecting cases as users’ fingerprints.” Samsung went on to say, “We advise that Galaxy Note10/10+ and S10/S10+/S10 5G users who use such covers to remove the cover, delete all previous fingerprints, and newly register their fingerprints.”
Samsung’s statement last week and the patch release notes don’t correctly describe the fingerprint issue that people have been experiencing. That has us wondering if the fingerprint flaw is actually fixed.
The patch notes list the “Reported issue” as “If you’ve used a screen cover, such as a silicone cover with a textured surface on the inside, the texture itself may be recognized as a fingerprint that can unlock your phone.” Samsung seems to think that you can register a piece of silicon as a fingerprint and then unlock the phone with it, but this is not an accurate description of what has been shown in numerous videos online. Even devices without screen protectors have demonstrated fingerprint security problems.
The issue is that placing certain transparent objects over top of the fingerprint reader will let anyone break into Samsung’s latest-generation phones. Sometimes it’s a clear screen protector, and sometimes it’s a clear phone case. Sometimes it’s a random piece of clear plastic. The phone isn’t learning and remembering a textured piece of silicon as a fingerprint—it’s unlocking with a piece of silicon it has never seen before. For whatever reason, if you interfere with the Galaxy S10’s or Note10’s fingerprint reader just a little bit, it will give up and unlock the phone.
Since Samsung is being so vague about the issue, we can’t tell if it was actually fixed. We’ll have to wait for the patch to roll out and do more tests to know for sure.