A savvy tech fiend has fooled the new Samsung Galaxy S10 with a 3D print of his fingerprint. The hack which was done using pretty basic software and tools didn’t take long according to the blogger darkshark.
In a post on Imgur, darkshark explains how he started the process by taking a photograph of his fingerprint on a wine glass using his smartphone.
I attempted to fool the new Samsung Galaxy S10's ultrasonic fingerprint scanner by using 3d printing. I succeeded. from r/galaxys10
He took the photo into photoshop where he increased the contrast and added an alpha layer. He then dropped that corrected image into 3DS MAX and created a geometry displacement from the Photoshop image which resulted in a raised 3D model of every last detail of the fingerprint.
Basic software and general knowledge
That model was then dropped into 3D printing software and printed on an AnyCubic Photon LCD resin printer. This particular model gives an accuracy down to about 10 microns (in Z height, 45 microns in x/y), which is absolutely adequate to capture all of the ridges in a fingerprint.
The printing took about 13 minutes after which darkshark could do some gloves and then place the printed fingerprint which looks like a microscope slide onto the phone.
Access to banking apps
Voila absolute access. While being able to unlock someone's phone isn’t such a big deal, darkshark says what's scary is that many of the banking apps the uses only require a fingerprint authentication to approve transactions.
Darkshark makes the good point that a stolen phone will be covered in fingerprints that could easily be photographed and replicated. He says the process took three prints to get right but once you have the method down replicating fingerprints could be done in under a few minutes.
Biometric security everywhere
Lots of phones and devices have embraced the use of fingerprint recognition as a form of security. The latest Samsung smartphone uses an ultrasonic sensor that’s apparently meant to be more difficult to spoof.
It isn’t the first time 3D printing has been used to unlock a phone, back in 2016 Splinter reported that Michigan police had roped into a biometrics expert to help them create a 3D print of a murder victim's finger so they could unlock his phone.
Apparently, the police had reason to believe the contents of the phone would assist in their investigation into the man's death. And back in November 2017, a Vietnamese security firm claimed to have broken the Apple FaceID tech using a mask that cost less than $150 USD.
Apple not safe
When Apple released the iPhone X a couple of months earlier, it boasted its face identification software was so good it would take 1-in-a-million for it to be unlocked by the wrong person. That was a statement that almost every hacker and security software around the world took as a challenge, and the Vietnamese firm, Bkav seems to be the winner.
The company says they created the mask using 3D printing, makeup, paper, and a hand-molded silicone nose. The team that worked on the hack, said they didn’t really use a particular method to break into the phone, but just kept adjusting the mask until the phone unlocked.
Cybersecurity experts have long said that relying solely on biometric security measures is risky. If you are concerned about the privacy of your devices its best to use several security layers particularly when it comes to anything financial.