Samsung, Google acknowledge flaws in phone-unlocking biometric tools

The episodes highlight how, just like any other technology, biometrics software needs to be rigorously tested for bugs.
Android mobile phone, Samsung Galaxy S10, Google Play Store
(Kārlis Dambrāns / Flickr)

Tech giants Samsung and Google are grappling with separate flaws in the biometric technology the companies give users to secure their mobile phones.

Samsung said Thursday that it was working on a patch for an issue discovered by a British couple that allows any fingerprint to unlock a Galaxy S10 or Note 10 phone with a certain screen protector on it. After buying a screen protector for her Galaxy S10, Lisa Neilson found both her thumbprints could unlock the phone, as could those of her husband and sister, according to The Sun newspaper.

“We are investigating this issue and will be deploying a software patch soon,” a Samsung spokesperson told CyberScoop. “We encourage any customers with questions or who need support downloading the latest software to contact us directly at 1-800-SAMSUNG.”

Google, meanwhile, has acknowledged to the BBC that the facial recognition system used on its Pixel 4 phone will unlock a phone even if one’s eyes are closed.


“We’ve been working on an option for users to require their eyes to be open to unlock the phone, which will be delivered in a software update in the coming months,” a Google spokesperson told CyberScoop. “In the meantime, if any Pixel 4 users are concerned that someone may take their phone and try to unlock it while their eyes are closed, they can activate a security feature that requires a pin, pattern or password for the next unlock.”

The episodes highlight how, just like any other technology, biometrics software needs to be rigorously tested for bugs. Tech companies like Apple, Google, and Samsung release new phone models to much fanfare, but the process of updating the devices to keep them secure is always ongoing.

An increasing number of mobile phone users around the world are taking advantage of biometrics on their phone to download apps and make purchases. When done right, biometrics can add a layer of security to users’ communications. In February, WhatsApp said it would allow iOS users to unlock their messages using a fingerprint or facial biometric.

UPDATE, 10/21/19, 12:03 p.m. EDT: This story has been updated with a statement from Google.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts