Some few weeks back, the news of the then yet to be released Samsung Galaxy S10 having an inbuilt crypto wallet broke and the whole crypto community was agog. Recent information has however suggested that the mobile phone might not be as secured as we all thought it is. A recent report revealed that the phone has been hacked successfully.
Security Researcher—Darkshark Explains All
According to a video which was posted online by a security researcher, who goes by the name—Darkshark, there is a way to bypass the smartphone’s biometric security system. Once this is done, the phone and every other fingerprint protected entity on the phone get compromised. This includes the crypto wallet.
In the video, Darkshark demonstrated how he was able to hack the phone’s built-in ultrasonic fingerprint sensor. According to him, using a 3D model of a fingerprint registered on the device to be hacked, the smartphone can be accessed. This process usually involves “photographing an original fingerprint, doctoring the image in Photoshop, creating a 3D model and, finally, printing it.” This is estimated to take about 13 minutes from start to finish.
Darkshark explained that he made use of his own smartphone to snap his own fingerprints off a wine glass.
“It took me 3 reprints trying to get the right ridge height (and I forgot to mirror the fingerprint on the first one) but yeah, 3rd time was the charm. The 3D print will unlock my phone… in some cases just as well as my actual finger does. This brings up a lot of ethics questions and concerns. There’s nothing stopping me from stealing your fingerprints without you ever knowing, then printing gloves with your fingerprints built into them and going and committing a crime. If I steal someone’s phone, their fingerprints are already on it. I can do this entire process in less than 3 minutes and remotely start the 3d print so that it’s done by the time I get to it. Most banking apps only require fingerprint authentication soI could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone.”
Fingerprints Residue on the Samsung Galaxy S10 makes it Easy to Hack Once Stolen
Speaking on how this same method can be used on other unsuspecting victims, Darkshark explained that:
“If I stole your phone…your fingerprints are currently on it.”I actually distorted my fingerprints before posting this, so no, you can’t use this same technique against me lol. This was just an experiment and I’m not going to dive much further into biometric physical hacking or anything. Just thought it was an interesting idea and it happened to work very well.”