In recent years, smartphone manufacturers have been implementing advanced features for users to secure their devices, using fingerprint readers, face mapping, and even sensors that map out the blood veins in the palm of your hand. But there are still ways to get around such measures, and one user found that he could fool the in-display fingerprint reader on his Samsung Galaxy S10 with a 3D print of his fingerprint.
In a post on Imgur, user darkshark outlined his project: he took a picture of his fingerprint on a wineglass, processed it in Photoshop, and made a model using 3ds Max that allowed him to extrude the lines in the picture into a 3D version. After a 13-minute print (and three attempts with some tweaks), he was able to print out a version of his fingerprint that fooled the phone’s sensor.
The Galaxy S10’s fingerprint sensor doesn’t rely on a capacitive fingerprint scanner that’s been used in other versions of the phone, using instead an ultrasonic sensor that’s apparently more difficult to spoof. darkshark points out that it didn’t take much to spoof his own fingerprint. A concern, he notes, is that payment and banking apps are increasingly using the authentication from a fingerprint sensor to unlock, and all he needed to get into his phone was a photograph, some software, and access to a 3D printer. “I can do this entire process in less than 3 minutes and remotely start the 3d print so that it’s done by the time I get to it,” he writes.
This certainly isn’t the first time that someone has found a way to get around a phone’s sensors. Police officers used a 3D print in 2016 to get into a murder victim’s phone, while a cybersecurity firm used a $150 face mask beat Apple’s FaceID on an iPhone X in 2017. As my colleague Russel l Brandom noted a couple of years ago, fingerprints aren’t as secure as you’d think — they can get stolen and spoofed, even on the most advanced phones.