The researcher, who goes by the handle “darkshark,” posted a video and details of the smartphone biometric authenticaion hack on Imgur on Friday. They said it took three tries to “get the right ridge height,” but they ended up successfully creating a 3D-printed fingerprint that unlocks their Galaxy S10 in some cases just as well as my actual finger.”
Samsung did not immediately respond to PCMag’s request for comment.
“If I steal someone’s phone, their fingerprints are already on it,” darkshark pointed out. “I can do this entire process in less than 3 minutes and remotely start the 3d print so that it’s done by the time I get to it. Most banking apps only require fingerprint authentication so I could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone.”
To create the 3D print, darkshark said they started out by taking a photo of their fingerprint on the side of a wine glass. After tweaking the image in Photoshop, they used the 3D modeling software 3ds Max to turn it into a raised 3D model, and printed it using an AnyCubic Photon LCD resin printer.
This isn’t the first time a hacker has fooled smartphone biometric authentication with a print. Last year, Rik van Duijn, an ethical hacker with the Dutch security company DearBytes, showed it was possible to beat the OnePlus 6 face unlock feature with a basic 2D printout. And in 2017, researchers at Vietnamese security firm Bkav Corporation bypassed the iPhone X Face ID feature using a 3D-printed mask.