
Samsung flaw lets anyone sign in with their fingerprint

Think about all the important information kept on your smartphone. Things like work and personal emails, logins for bank accounts, private photos and so much more can be found on your device.

That’s why it’s crucial to keep them protected the best way possible. You can use a PIN code, facial ID or fingerprint to keep your phone locked. But which provides the best security?

Now, owners of a popular Samsung phone model are being warned that their data is vulnerable. And it doesn’t take a master hacker or social engineering to crack your device. To exploit this vulnerability, all the attacker needs to do is unlock your phone with any fingerprint. Keep reading to find out how to fix this critical flaw.

Dangerous Samsung Galaxy Note20 flaw

Users of Samsung’s Galaxy Note10 are all too familiar with this exact flaw. In 2019, Note10 users discovered that someone else could unlock their phones through the fingerprint reader.

While the owner’s fingerprint wasn’t compromised, the problem turned out to be a flaw in the software that appeared when the phone was used in conjunction with a specific screen protector.

When owners registered their fingerprint to unlock the device, the phone registered the texture underneath the screen protector — and not the fingerprint. This meant that anybody could unlock the phone.

Samsung eventually rolled out a patch to fix the issue, but Galaxy Note20 owners are now dealing with the same problem.

Samsung is aware of it

The tech company has been aware of the flaw since last October. The circumvention technique was reported privately, which is probably why it didn’t make major news headlines.

But that is not to say that Samsung isn’t doing anything about it. On the contrary. If you use a Galaxy Note20, you should immediately update the firmware on your device.

The company released a security patch this week, CVE-2020-0457, which fixes this issue and a host of other vulnerabilities. “An abnormal behavior related with screen protector results in high Frequency Rejection Rate of fingerprint identification,” states Samsung.

To fix the issue, Samsung explained that “the patch adds proper image compensation to avoid inversion for fingerprint enrollment with screen protector.”


How to protect your Note20

Getting the update is simple. Open Settings > Software update > Download and install.

If you are unable to download the latest critical security update, you should disable the fingerprint scanner until you can.

To set up a passcode on your Galaxy Note20:

  • Open the Settings menu
  • Tap Lock screen and security
  • Tap Screen lock type
  • Select the PIN option
  • Under Biometrics, make sure that Fingerprints are turned off

The flaw only seems to affect phones fitted with less expensive or low-quality screen protectors or cases. There shouldn’t be much to worry about if you use a protector from a reputable brand.


If you’re in the market for a new phone, Samsung announced it would be revealing its new flagship phones this week. While not confirmed, it is widely believed to be the Galaxy S21, S21 Plus and S21 Ultra.
