Just a few days ago, reports began circulating about how easily the security of the ultrasonic fingerprint sensor on the Samsung Galaxy S10 series could be bypassed to unlock the device. Samsung has promised to address the issue in an upcoming software update, but in the meantime, some banks have taken matters into their own hands by either preventing Galaxy S10 owners from downloading and using their apps from the Play Store or disabling the fingerprint log-in option.
Apparently, all one has to do is place a screen protector on top of the display and press down on the sensor area with any finger. According to some Reddit users from the United Kingdom, two UK banking institutions — NatWest and Nationwide Building Society — have already implemented countermeasures intended to protect affected Galaxy users. In the case of NatWest, its banking app was removed from the Play Store for Galaxy S10 owners until Samsung fixes the security issue.
Nationwide Building Society is taking a less drastic approach and simply disabling the fingerprint log-in option from inside the app. In the same Reddit thread, a user from Israel also reported having the fingerprint log-in option removed from his or her banking app, as well.
As far as we know, US banks have yet to implement such countermeasures. On my Galaxy S10+, for instance, I'm still able to use the ultrasonic fingerprint sensor to log in to several banking apps, including Chase and PayPal.
According to Samsung, the devices that are vulnerable to this ultrasonic fingerprint sensor bypass method are the Galaxy Note 10, Note 10+, S10, S10+, and S10 5G models. Samsung claims the software update containing the security fix will be released as early as this week and asks its users to rescan their fingerprints afterward.
- Kingshuk De