Samsung, Google acknowledge flaws in phone-unlocking biometric tools
Tech giants Samsung and Google are grappling with separate flaws in the biometric technology the companies give users to secure their mobile phones.
Samsung said Thursday that it was working on a patch for an issue discovered by a British couple that allows any fingerprint to unlock a Galaxy S10 or Note 10 phone with a certain screen protector on it. After buying a screen protector for her Galaxy S10, Lisa Neilson found both her thumbprints could unlock the phone, as could those of her husband and sister, according to The Sun newspaper.
“We are investigating this issue and will be deploying a software patch soon,” a Samsung spokesperson told CyberScoop. “We encourage any customers with questions or who need support downloading the latest software to contact us directly at 1-800-SAMSUNG.”
Google, meanwhile, has acknowledged to the BBC that the facial recognition system used on its Pixel 4 phone will unlock a phone even if one’s eyes are closed.
“We’ve been working on an option for users to require their eyes to be open to unlock the phone, which will be delivered in a software update in the coming months,” a Google spokesperson told CyberScoop. “In the meantime, if any Pixel 4 users are concerned that someone may take their phone and try to unlock it while their eyes are closed, they can activate a security feature that requires a pin, pattern or password for the next unlock.”
The episodes highlight how, just like any other technology, biometrics software needs to be rigorously tested for bugs. Tech companies like Apple, Google, and Samsung release new phone models to much fanfare, but the process of updating the devices to keep them secure is always ongoing.
An increasing number of mobile phone users around the world are taking advantage of biometrics on their phone to download apps and make purchases. When done right, biometrics can add a layer of security to users’ communications. In February, WhatsApp said it would allow iOS users to unlock their messages using a fingerprint or facial biometric.
UPDATE, 10/21/19, 12:03 p.m. EDT: This story has been updated with a statement from Google.