The new Samsung Galaxy S10 has reportedly been hacked.
Widely touted as a game-changer for the crypto community because of its groundbreaking integration of a cryptocurrency wallet, the Samsung Galaxy S10 is apparently a lot less secure than intended.
In February, Samsung announced that its latest S10 model would integrate a secure blockchain wallet to store private keys for crypto assets. But a new video posted on Imgur shows a hacker and security researcher who goes by darkshark appearing to bypass the mobile device’s biometric security system to unlock the phone.
Using an elaborate scheme, darkshark shows how the phone’s built-in ultrasonic fingerprint sensor can be fooled by a 3D model of a fingerprint. The model takes approximately 13 minutes to print, after a longer process that involves photographing an original fingerprint, doctoring the image in Photoshop and creating a 3D model.
According to darkshark, he used his smartphone to photograph his own fingerprint that was left on a wine glass.
“It took me 3 reprints trying to get the right ridge height (and I forgot to mirror the fingerprint on the first one) but yeah, 3rd time was the charm. The 3D print will unlock my phone… in some cases just as well as my actual finger does.
This brings up a lot of ethics questions and concerns. There’s nothing stopping me from stealing your fingerprints without you ever knowing, then printing gloves with your fingerprints built into them and going and committing a crime. If I steal someone’s phone, their fingerprints are already on it. I can do this entire process in less than 3 minutes and remotely start the 3D print so that it’s done by the time I get to it. Most banking apps only require fingerprint authentication so I could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone.”
Last month, the Samsung Galaxy S10 debuted with a slew of rich features, but the tech giant rolled out the crypto wallet only in the US, Canada and Korea, out of the 70 countries where the phone is currently available for purchase. The geo-restrictions left buyers around the world wondering why they weren’t able to activate the crypto wallet feature, even though they were able to download the appropriate Android application package to implement the wallet.
At this stage it is only available to the US, Canada and Korea. If any updates are available you will be notified.
— Samsung Australia (@SamsungAU) February 28, 2019
CoinDesk Korea reports that the Samsung Blockchain Wallet is currently compatible only with Ethereum (ETH) and Ethereum-based ERC20 tokens, with full support for other cryptocurrencies, including Bitcoin, slated for a future date.
Regarding the cloned fingerprint, darkshark cautions,
“If I stole your phone…your fingerprints are currently on it.”
“I actually distorted my fingerprints before posting this, so no, you can’t use this same technique against me lol.
This was just an experiment and I’m not going to dive much further into biometric physical hacking or anything. Just thought it was an interesting idea and it happened to work very well.”