Earlier this month, according to The Sun reported that the Samsung Galaxy S10’s in-display fingerprint sensor has a security flaw. Some silicone screen protectors may confuse the ultrasonic fingerprint sensor. If you currently use this kind of covers, please refrain from using it until your device has been updated with a new software patch, according to Samsung’s official statement.

What happened？

A British user complained that her Galaxy S10’s fingerprint recognition system got confused after a silicone screen protector was applied. Those fingerprints that have not been recorded can also unlock the phone. What’s worse, they could also log into some private Bank APPs and perform operations. At least three banks operating in the UK have decided to temporarily suspend their mobile banking services for Samsung Galaxy S10 users. These are not the only financial institutions that took steps to protect their customers.

However, this is not the first time that the S10 has had problems with fingerprints. Earlier this year, The Imgur blogger darkshark had successfully fooled the ultrasonic fingerprint sensor with the 3D print of his finger. He took photos of his fingerprints left on the surface of a wine glass and then used Photoshop to clean it up. He finally created a 3D model of his fingerprint patterns using 3DS Max.

The Fingerprint Recognition System Of Samsung

Now, let’s look inside the fingerprint recognition system of Samsung and find out the possible cause of the fingerprint issue mentioned above.

Software protection: feature point extraction algorithm

Currently, most fingerprint identification algorithm is realized by extracting and comparing key feature points, such as the overall structure of fingerprint, local bifurcation points, endpoints, breakpoints and so on. In this case, the ultrasonic fingerprint sensor of Samsung Galaxy S10 may come with a detection bug.

We suspect that the problem is probably related to the “threshold and learning mode setting” of the fingerprint learning algorithm. For the first case mentioned above, the system recorded the texture of silicone screen protector and the textured surface fooled the phone’s biometric authentication system. Nowadays, the fingerprint identification module needs to satisfy more users and it is hard for module to balance the recognition rate and the pass rate. Samsung should make their best effort to strengthen security through continuous improvement and updates to enhance biometric authentication functions.

Hardware protection: trusted computing environment and resource isolation

The best way to protect your private information on your phone is to build a trusted computing environment inside it. Each manufacturer has a different strategy for TEE isolation.

Since Apple A7, Apple has adopted a self-developed isolation system called Security Enclave. As a separate processor handling biometric information, the Enclave stores encryption keys used to lock down the biometric data. Thus makes it difficult for hackers to decrypt sensitive information without physical access to the device.

Compared to Apple, Samsung adopted a completely different design in TEE isolation. The built-in mobile security platform Knox is applied to isolate sensitive data. Between the sensitive data storage and the main system, Samsung designed a fuse. The E-fuse will be set if the phone is booted or a swipe is detected. As thus, Samsung created a trusted computing environment physically.

What about other cell phone manufacturers?

Also in October Google came under fire for its Pixel 4 facial recognition unlock feature, which would unlock your phone, even if your eyes were closed. Google issued a media statement quickly that the glitch will be fixed in a software update that will be delivered in the “coming months.”