Recently, South Korean electronics giant Samsung announced this year’s Galaxy S10 flagship line-up. While everyone seems impressed with the phone’s overall design elements, as well as the punch-hole in-display front-facing camera for selfies and video calls and the ultrasonic, in-display fingerprint scanner, popular YouTube channel Unbox Therapy has released a new video revealing a major flaw in the Galaxy S10’s face unlock system.
In the video, Unbox Therapy’s Lewis Hilsenteger demonstrated the flaw. Hilsenteger was able to unlock the Galaxy S10 by pointing the screen of another phone (a Google Pixel 3), which was playing his video, at the S10’s face unlock sensor. The Galaxy S10 recognised his registered face and unlocked the device. We couldn’t verify the claims made in the video, but if they are indeed true, the flaw poses a risk to users’ privacy and their devices’ security.
“The Samsung Galaxy S10 features in-display fingerprint unlock and face unlock. After some testing, I'd suggest using fingerprint unlock exclusively. The simple hack in this video defeats the face unlock security. If convenience is your priority face unlock will work but understand the potential consequences. Which unlocking style would you use on the new Samsung Galaxy S10 and Galaxy S10 Plus?”
Hilsenteger was able to exploit this security flaw multiple times in his demonstration. But this can be avoided. We show you what you can do to safeguard your privacy and your device’s security. For the time being, until Samsung releases a software fix, we recommend that you refrain from using the face unlock system on your Samsung Galaxy S10. Instead of relying on the face unlock feature, you can use the phone’s ultrasonic, in-display fingerprint scanner or the pattern unlock as the primary unlocking mechanism.
Hilsenteger argues that since his Pixel 3’s screen had many fingerprints on it, the Samsung Galaxy S10 ideally should not have detected his face and unlocked the phone. A software update from Samsung should fix the issue. However, the Samsung Galaxy S10 uses face unlock as the default unlocking mechanism.
Update (03:55 PM / March 15, 2019): Samsung reached out to us with a statement. However, Samsung did not say whether the company is willing to fix the issue demonstrated in the video with subsequent software updates. Here's what the company has to say:
"Face recognition is a convenient action to unlock your phone. For cases requiring strong security, Samsung recommends using the new in-display Ultrasonic Fingerprint Scanner that unlocks only with your physical fingerprint. The Ultrasonic Fingerprint Scanner has been certified by FIDO Alliance with the world’s first Biometric Component Certification that recognizes its vault-like security and industry best-practice for biometric-enabled devices."