Samsung patches fingerprint vulnerability in the Galaxy S10, Note10


Samsung is issuing a patch for the Galaxy S10 and Note10, which both had fingerprint-reader flaws that were exposed last week. The phones’ in-screen fingerprint sensors would unlock for seemingly anyone; all that was required was placing a clear silicone phone case over the top of the sensor. Samsung hasn’t released any official communication that the patch is available, but reports have surfaced from both Reuters and Reddit that a patch is out there.

After the news broke last week, Samsung acknowledged some Galaxy Note10 and S10 fingerprint problems in a press release, saying, “This issue involved ultrasonic fingerprint sensors unlocking devices after recognizing three-dimensional patterns appearing on certain silicone screen protecting cases as users’ fingerprints.” Samsung went on to say, “We advise that Galaxy Note10/10+ and S10/S10+/S10 5G users who use such covers to remove the cover, delete all previous fingerprints, and newly register their fingerprints.”

Samsung’s statement last week and the patch release notes don’t correctly describe the fingerprint issue that people have been experiencing. That has us wondering if the fingerprint flaw is actually fixed.

The patch notes list the “Reported issue” as “If you’ve used a screen cover, such as a silicone cover with a textured surface on the inside, the texture itself may be recognized as a fingerprint that can unlock your phone.” Samsung seems to think that you can register a piece of silicone as a fingerprint and then unlock the phone with it, but this is not an accurate description of what has been shown in numerous videos online. Even devices without screen protectors have demonstrated fingerprint security problems.

The issue is that placing certain transparent objects over the top of the fingerprint reader will let anyone break into Samsung’s latest-generation phones. Sometimes it’s a clear screen protector, and sometimes it’s a clear phone case. Sometimes it’s a random piece of clear plastic. The phone isn’t learning and remembering a textured piece of silicone as a fingerprint. It’s unlocking with a piece of silicone it has never seen before. For whatever reason, if you interfere with the Galaxy S10’s or Note10’s fingerprint reader just a little bit, it will apparently give up and unlock the phone.

Since the original report, numerous videos have popped up online demonstrating the fingerprint flaw. One of the best examples is the above video: it shows someone registering several fingerprints on the naked Galaxy Note10 screen, which then recognizes any finger (even unregistered fingers) as “left index” anytime a transparent film is placed between a finger and the fingerprint reader.

Showing this on the fingerprint-setting screen gives us a better idea of what’s going on. But if this were the lock screen, the phone would unlock each time, potentially for an unauthorized user.

Since Samsung is being so vague about the issue, we can’t tell if it was actually fixed. We’ll have to wait for the patch to roll out and do more tests to know for sure.

Listing image by Ron Amadeo

https://arstechnica.com/?p=1590191