British banks blacklist Galaxy S10 over fingerprint vulnerability
Some UK banks are temporarily blocking Samsung Galaxy S10 users from downloading their banking apps in response to security vulnerabilities associated with its fingerprint unlocking system.
Last week, BleepingComputer reported that the Galaxy S10’s ultrasonic in-screen fingerprint scanner could be confused using third-party glass and silicone screen protectors costing as little as £2.70. When a fingerprint is registered with these covers applied, the phone could start unlocking in response to anybody’s fingerprint.
Initially, Samsung issued a statement saying that customers should only use “Samsung authorised accessories” with their phones – such as its official $30 screen protector – and confirmed that it would issue a software patch, which is expected to arrive this week. The Seoul-based electronics giant added that any device with the same scanner could also be vulnerable, including the S10+, S10 5G, Note10, Note 10+, and Note 10 5G, confirming reports from Note 10 users that their devices were suffering from the same issue.
As fingerprint scanners have become standard on smartphones, they have increasingly been used for authentication, including to secure access to banking apps.
Users of the r/GalaxyS10 subreddit later noticed that NatWest customers were unable to download its banking app from the Play Store using a Galaxy S10, following reports of the security vulnerability. A NatWest representative later confirmed that the banking app had been removed from the Play Store for S10 owners. The Royal Bank of Scotland – which earlier this year announced plans to trial a card which uses fingerprints to authenticate purchases instead of a PIN – also took the decision to pull its app from the Play Store.
Some r/GalaxyS10 users criticised the decision to pull the app entirely as an overreaction.
In a less drastic move, Nationwide disabled fingerprint authentication for access and payments in its own banking app on the S10, while other banks have simply recommended that customers disable fingerprint authentication on their devices for the time being.
It is unclear if banks in the US and elsewhere will follow suit by blocking the S10 while the security issue remains unpatched. However, a US-based Reddit user claimed that their bank had prevented them from using Samsung Pay, while an Israel-based user said that their banking app had disabled login by fingerprint.
While Samsung’s latest S10 range has been commended by reviewers and consumers, the company has suffered some recent embarrassments over technical failures in its consumer products. The Samsung Galaxy Fold – a novelty folding smartphone – was widely reported to be suffering from screen issues after just hours of use, shortly before its planned launch in April. The phone was relaunched in September.