Date: 2019-04-08

Someone tricked the Galaxy S10's in-screen ultrasonic fingerprint sensor with a 3D-printed fingerprint. Only, not really.

A lock wants a key. It doesn't care where that key comes from.

A person who is adept at the right software was able to take a photograph of his fingerprint on a wine glass and recreate it in three dimensions using a 3D printer, then use this nylon print and a real finger to unlock the Galaxy S10.

It sounds a lot less like fooling the fingerprint reader if you approach it from this direction because the ultrasound of a fingerprint is used as the key to getting in, and where that comes from doesn't matter. If you get a copy of your house key made at Home Depot and it works in the lock, have you fooled it?

This is a security risk. Someone with the right camera and the right lens could snag a photo of your fingerprint from your wine glass, print it off, then steal your phone and unlock it. If they wanted to, that is. Fingerprint readers have always been this way, whether on a phone or something more mundane like a passport. They aren't foolproof as long as you aren't really trying to fool them, and creating an exact duplicate of anything is possible.

If you want or need your phone (or anything, really) to be as secure as it can be, don't use biometrics of any kind to allow access.

Usernames vs. Passwords

A bigger concern is that biometrics really aren't suitable as passwords in the first place. Your fingerprint identifies who you are; you have 10 of them and none can ever be changed. A look at high-level security installations that use biometrics for access is in order.

Your fingerprints are your identity, not your password.

Looking into an optical eye-scanner or providing a full palm print to unlock a door isn't supplying a password, it's providing an identity. A General or high-ranking executive needs to tell that door who they are before it decides if they can enter. Someone could steal a key or hack a password, but they would still need to be on the list of people with access if they wanted to see what's on the other side of a door sealed by biometrics.

But things are a bit different when it comes to a phone. Well, your phone and my phone, anyway: there are people who need to have truly secure communication devices but most of us aren't one of those people. We just need a way to make sure our phone isn't wide open in case it gets lost or stolen, or if we have friends who like to snoop on our stuff.