Banks ban Galaxy S10 Fingerprint Reader - Fingerprint log in removed from banking apps

[yolosnail]

Related to the recent security flaw found with the Galaxy S/Note 10 series, which you can read more about below 

Banks in the UK have decided that the flaw with the fingerprint reader is too much of a compromise for its customers and have started removing the fingerprint option for the app. 

At the moment it's just Nationwide and Natwest that have done so, but I wouldn't be surprised if others followed suit.

 

Quote

UK bank Nationwide Building Society has disabled the fingerprint login option in its app for owners of Samsung Galaxy S10 phones. Another, NatWest, has completely removed support for S10 phones.

It's not just banks in the UK, Bank of China, Hapoalim Bank and KaKao Bank have either removed support or send out a notice to customers telling them to disable it.

Quote

It looks like the Bank of China has dropped support for Galaxy S10, Note10 and Tab S6 owners. Hapoalim Bank, one of Israel’s largest banks, sent out a notice to its customers who use an S10 or Note10 that it has removed support for fingerprint authentication as well. South Korea’s KaKao Bank (an online-only bank) has warned its users to disable fingerprint authentication.

 

I'm honestly surprised they didn't pull the support sooner, with mobile banking it's easy for someone to empty your account and because it was authenticated biometrically I'd imagine there'd be very little chance of you getting your money back.

 

Condiment: https://www.gsmarena.com/banks_around_the_world_are_removing_support_for_the_galaxy_s10_and_note10_from_their_apps-news-39756.php

https://9to5google.com/2019/10/22/s10-fingerprint-banks/

 

Note to mods - feel free to merge with the previous topic if you don't think it's worthy of it's own

 

also, sorry for the clickbait, I couldn't help myself

[IronSoldier]

Good. Though I presume this is more to protect them from someone claiming their phone was stolen than really customer security. 

[RejZoR]

I still don't get it how can a layer of silicone/TPU unlock the phone with any fingerprint. Or is having existing fingerprint from former scans on a glass over the fingerprint sensor and extra layer on top of it makes scanner think it's obtaining legit fingerprint? I couldn't find any info on details. Coz just matching any fingerprint with one stored because some layer is in between makes absolutely no sense. If anything it would or at least should cause even actualowner having problems logging in, not the opposite...

[Bacon soup]

My work phone gets shared with multiple people. It doesnt have a finger print reader, and if it did i bet we wouldnt use it. It would be cool to have a ring that unlocks things instead of a fingerprint.

[GoldenLag]

2 minutes ago, VegetableStu said:

frankly that should extend to the Pixel 4's faceID ._.

frankly we should all just be forced to remember a 25 digit number 

or a random string of 25 symbols

[Deli]

Fingerprint-gate?

[vorticalbox]

22 minutes ago, RejZoR said:

Coz just matching any fingerprint with one stored because some layer is in between makes absolutely no sense.

The screen protector was just how the bug was found but i believe it actually will unlock with any finger print regardless of a screen protector.

[RejZoR]

6 minutes ago, vorticalbox said:

The screen protector was just how the bug was found but i believe it actually will unlock with any finger print regardless of a screen protector.

But how? And how it doesn't affect other phones from Samsung? And how it can't be easily fixed is also weird...

[Kilrah]

The sensor used on these is likely just crappy/buggy...

[MichaelWd]

So this is not a "Nationalwide ban of" the service, it is a ban by the bank called "Nationwide". Title is a bit misleading. 

[Rupe]

As a nationwide customer and S10+ owner it looks as though you can still use the fingerprint scanner when you log into the app you just get this message afterwards (can't take a screenshot of this unfortunatly)"Fingerprint log in on this Samsung Device You may have seen some news coverage about Samsung S10 fingerprint security. Samsung have said a software patch is on its way. Until then, if you haven't done so already, we recommend you disable fingerprint login which you can do via Settings in the app" 

So it looks to only be a recommendation

Edit: I'll just use my webcam for a pic

[Spotty]

55 minutes ago, yolosnail said:

also, sorry for the clickbait, I couldn't help myself

@yolosnail I've edited the title slightly to more accurately reflect the topic. As others have pointed out it was a little too confusing calling it a "Nationwide ban" referring to the bank "Nationwide".

[Commodus]

Yeah, the headline was (unintentionally) misleading.

 

With that said: what is it with Android vendors being unable to make biometric security that can actually be used for secure tasks?  It seems like it's either wildly insecure, should be secure but has a flaw, or isn't quite secure enough to be trustworthy for payment apps.  Even the Pixel 4 can log you in when your eyes are closed (i.e. against your will).

[vorticalbox]

1 hour ago, RejZoR said:

But how? And how it doesn't affect other phones from Samsung? And how it can't be easily fixed is also weird...

because finger print readers are a "that's close enough" as you have very limited space, and in this case everything was good enough. its a software bug where anything matches to the scanned finger print stored on the device.

 

The more worrying part is that no one at Samsung went "hey Jeff can try your finger on my phone"

[jiyeon]

2 hours ago, Deli said:

Fingerprint-gate?

Apple are on the good side of the gates this time around, it seems.

[jdubya421]

I have had an S10 and a Note 10 and I haven't been able to replicate this "bug" with my other fingers or my GF's fingers. ¯\_(ツ)_/¯

[RejZoR]

1 hour ago, vorticalbox said:

because finger print readers are a "that's close enough" as you have very limited space, and in this case everything was good enough. its a software bug where anything matches to the scanned finger print stored on the device.

 

The more worrying part is that no one at Samsung went "hey Jeff can try your finger on my phone"

You can't have something this roughly defined. Especially not something as specific as fingerprint. If anything it would just refuse to match, not match with anything...

[spartaman64]

1 hour ago, RejZoR said:

You can't have something this roughly defined. Especially not something as specific as fingerprint. If anything it would just refuse to match, not match with anything...

but if you make it exact then people would have to reinput their fingerprint every time their hand grows and it doesnt work if their finger isnt perfectly clean or the sensor

[MrRavens]

Welp, thank goodness I got the S10e. Uses the old school capacitive scanner. *wipes sweat* Not gonna lie, I enjoy the finger print convenience. 

[RejZoR]

1 hour ago, spartaman64 said:

but if you make it exact then people would have to reinput their fingerprint every time their hand grows and it doesnt work if their finger isnt perfectly clean or the sensor

Lol? You do know things can be adaptive? Just because your finger grows, your pattern is the same, it just expands at certain ratio. And one thing is if there are some cuts in your finger it can still have certain level of sensitivity that's not 100%.

[alexyy]

Just Tried on my S10, First direct have disabled fingerprint login, Santander hasn't but a warning screen does pop up suggesting I disable the feature.

 

 

[Rohith_Kumar_Sp]

i'd say google is happy they didn't include a finger print scanner, but you can literally unlock your phone with closed eyes or a lookalike or even a pic of you, so there's that. 

[DrMacintosh]

Hopefully US banks retain support for TouchID devices and don’t go all McCarthy on fingerprint readers just because Samsung has a bad implementation. 

[yolosnail]

9 minutes ago, DrMacintosh said:

Hopefully US banks retain support for TouchID devices and don’t go all McCarthy on fingerprint readers just because Samsung has a bad implementation. 

US banks have apps? I thought they were stuck with 1970s technology!

[PlayStation 2]

2 minutes ago, yolosnail said:

US banks have apps? I thought they were stuck with 1970s technology!

See, you have US banks mistaken for US government agencies. By that, I mean the ATF still uses good ol' paper and the FBI uses god-knows-what ancient hardware alongside bleeding edge hardware.