Potential Security Flaw Revealed in Samsung S10 Crypto-Wallet Smartphone

While the choices of ENJ and COSM are somewhat surprising, offering a Bitcoin (BTC) and Ethereum (ETH) wallet on a smartphone seems like a smart move. As cryptocurrency markets continue to gain traction, users will likely continue hunting for digital wallets that provide the most functionality with the least complexity.

Potential Security Risk

However, in spite of the potential viability for being a widely adopted device for crypto storage, a recent Imgur post has revealed that the device’s security may be easily deceived. The hack uses a 3D printed image of a fingerprint to fool the ultrasonic unlock feature on the phone. The technique does requires some serious tech know-how for success, however, for a wallet containing a large amount of cryptocurrency, it could be extremely lucrative in the hands of unauthorized actors. The process involves taking a photo of a fingerprint from the owner of the phone. This could be relatively easily obtained from a glass, or even from the phone itself. The print is then enhanced in photoshop, increasing depth for readability. According to the post:

If I steal someone’s phone, their fingerprints are already on it. I can do this entire process in less than 3 minutes and remotely start the 3d print so that it’s done by the time I get to it. Most banking apps only require fingerprint authentication so I could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone.

The tricky part, though, is creating a 3D printed image of the fingerprint that is the right depth ratio. But for those wishing to try, the one who discovered the flaw has made those measurements public. Using only the printed fingerprint model, the phone can be easily unlocked.

Hardware Wallet Exposure

The issue is increasingly complex for cryptocurrency users. Since the process allows a user to easily unlock the crypto wallet, a thief could conceivably follow the process above to not only steal the phone but drain personal crypto wallets resulting in substantial losses. Of course, no system of storage is completely secure. Even the most protected wallet systems can still be hacked, and even cold storage wallets can be opened by users who are being threatened. Recent news of an attack on a crypto holder with a drill proves no one is safe. However, the security flaw in the Samsung S10 is more dramatic. Simply by stealing the hardware (assuming a fingerprint is intact), a thief has the ability to unlock and access the wallets. This allows for rapid crypto theft without a means of security that is not tied to the hardware, as with other hardware wallets. Do you think the Samsung S10 security flaw is a critical issue? Is the process too much work for any thief to actually try? Let us know your thoughts in the comments below!