Mum discovers anyone could access her information on her Samsung Galaxy S10, via 3rd party part

Discussion in 'Headline News' started by RickAgresta, Oct 14, 2019.

  1. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    Messages:
    20,846
    Likes Received:
    15,928
    Trophy Points:
    288
    SECURITY SLIP-UP
    Mum discovers anyone could access her information on her Samsung Galaxy S10 after fitting £2.70 screen protector from eBay

    With the screen on, Lisa set up her right thumb print to access the phone but later used her left, which unlocked it.

    She found any print unlocked the phone.


    Lisa, from Castleford, West Yorks, said: “Anyone can access it and could get into the financial apps and transfer funds.”

    Samsung said people should only use authorised screen protectors.

    She got husband Wes, 34, to try and both his thumbs were also able to open the phone through the gel cover.

    Mum-of-two Lisa also checked her sister’s Samsung and it was exactly the same when fitted with the case.


    The company are now investigating her discovery.

    She said: “This means that if anyone got hold of my phone they can access it and within moments could be into the financial apps and be transferring funds.

    “It’s a real concern.”

    “We called Samsung because we thought there was a fault with the phone.

    “The man in customer services took control of the phone remotely and went into all the settings and finally admitted it looked like a security breach.

    link: https://www.thesun.co.uk/tech/10127908/samsung-galaxy-s10-screen-protector-ebay/
     
    Mi An, lelisa13p, Hook and 2 others like this.
  2. raspabalsa

    raspabalsa Brain stuck BogoMipping

    Messages:
    9,048
    Likes Received:
    6,785
    Trophy Points:
    288
    I wonder if this is a fault only of ultrasonic in-screen figerprint readers (as found in the S10), or if it can affect optical in-screen readers (as found in the Oneplus 7 Pro). If it only affects ultrasonic readers, then it sounds like a good reason to stay away from the S10 (and similarly equipped phones). If it affects both technologies, then maybe it's a good idea to choose a phone with capacitive fingerprint readers.

    EDIT: Looks like the OnePlus 7 Pro's optical reader is also easily hacked. Interestingly, this article says ultrasonic readers are more secure than optical ones. Seems that's not the case any more.
     
  3. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Messages:
    13,928
    Likes Received:
    3,659
    Trophy Points:
    113
    Egads! I don't keep any of my cards or bank accounts on my phone. Yeah, I use fingerprint to get me in quickly, but it doesn't unlock payment accounts, or anything like that. You'll get into my Facebook account, Instagram, work and personal emails. Meh. If you've got access to personal emails, you've got access to most financials. Yuck! Time to walk away from fingerprint authentication. Just too many compromises!
     
    scjjtt, lelisa13p, Hook and 1 other person like this.
  4. raspabalsa

    raspabalsa Brain stuck BogoMipping

    Messages:
    9,048
    Likes Received:
    6,785
    Trophy Points:
    288
    Supposedly the fingerprint reader was moved from the bottom screen bezel to in-screen to allow for larger screen/body size ratios and ever-decreasing bezel sizes. I'd be happy if phone designers just kept the reader on the back, as found in my LG G6.
     
  5. jigwashere

    jigwashere Life is a circus!

    Messages:
    17,227
    Likes Received:
    11,790
    Trophy Points:
    288
    This article is pure garbage: it's nothing but hype and devoid of any real information. No corroboration. Nothing. So, some lady applies an unnamed brand of gel screen protector to her device. Subsequently her phone fails to lock properly. And a Samsung customer service rep divines a security breach through what. Their psychic powers? Give me a break.

    EDIT: I found pictures of the screen protector. It wasn't liquid hydrogel as I assumed from the way the article was written. Instead, it's a thick soft plastic cover. There's no way the ultrasonic fingerprint reader would work with that type of cover. Most tempered glass screen protectors won't work, either.

    [​IMG]
     
    Last edited: Oct 15, 2019
  6. jigwashere

    jigwashere Life is a circus!

    Messages:
    17,227
    Likes Received:
    11,790
    Trophy Points:
    288
    scjjtt, lelisa13p, raspabalsa and 2 others like this.
  7. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    Messages:
    20,846
    Likes Received:
    15,928
    Trophy Points:
    288
    scjjtt and jigwashere like this.
  8. jigwashere

    jigwashere Life is a circus!

    Messages:
    17,227
    Likes Received:
    11,790
    Trophy Points:
    288
    The reporting on this issue is abysmal and does nothing but frighten people without providing good information about the actual problem. How many people are removing their expensive screen protectors thinking they're affected? It has been very difficult to discern what's real and not real about this issue.

    The claim in the Forbe's article is that:
    What the hell does that mean? The device has captured a fingerprint from the user within the gel cover? Sounds magical.

    Other articles claim that with the gel cover, anyone's fingerprint will unlock the device. The headline from Gizmodo: "A Bug Lets Any Fingerprint Unlock the Galaxy S10 and Note 10, and Samsung Blames Phone Covers."

    Any fingerprint? Okay....how? In fact, the last paragraph in the Gizmodo article is even stupider:
    So, simply putting a gel pad on the S10 disables security? Um...no.

    The problem is only an issue when someone tries to set up fingerprint security AFTER installing a thick gel or silicone screen cover. What happens, apparently, is the the ultrasonic scanner reads 3-dimensional patterns (imperfections) in the cover itself. It's not reading the user's fingerprint. You could unlock the phone by pressing on the fingerprint scanner while wearing gloves - because it's not reading a fingerprint - it's reading the imperfections in the screen cover.
     
    scjjtt likes this.
  9. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Messages:
    13,928
    Likes Received:
    3,659
    Trophy Points:
    113
  10. EdmundDantes

    EdmundDantes Mobile Deity

    Messages:
    2,291
    Likes Received:
    2,058
    Trophy Points:
    288
    I posted this in another thread; but the Times reviewed the Pixel and confirmed that the phone can be unlocked with an eyes-closed face or other workarounds.

    https://www.nytimes.com/2019/10/21/technology/personaltech/pixel-4-review.html

    I was skeptical of all this face-opening tech (and I'm not keen on fingerprints either). I don't use the phone like most do, so putting in an unlock code is not a huge hassle for me, but I know it can be for others.
     
    scjjtt likes this.

Share This Page