Nearly two weeks after a Samsung Galaxy S10 user reported a fingerprint scanner vulnerability that allows anyone to access her device, three banks in the UK have now suspended Galaxy S10 and Note10 from their mobile banking services.
According to a report from Bleeping Computer, both the National Westminster Bank and the Royal Bank of Scotland (RBS) have decided to take countermeasures by pulling their banking apps off the Play Store for Galaxy S10 and Galaxy S10+ users.
Meanwhile, the Nationwide Building Society, another financial institution, has decided to disable the fingerprint authentication option in its apps.
On Oct 13, Lisa Neilson, a Galaxy S10 user from the UK, told The Sun she and her husband discovered a fingerprint scanner glitch that enables anyone to access her Samsung phone using a silicone case.
According to Neilson, her Samsung phone became accessible to anyone when she fitted a £2.70 screen protector that she bought on eBay.
“This means that if anyone got hold of my phone, they can access it and within moments could be into the financial apps and be transferring funds. It’s a real concern,” she told the news company.
“We called Samsung because we thought there was a fault with the phone. The man in customer services took control of the phone remotely and went into all the settings and finally admitted it looked like a security breach,” she added.
In response to the news, Samsung released a statement on Oct 18, saying it was looking into the issue and that a software update was planned for release soon.
“This issue involved ultrasonic fingerprint sensors unlocking devices after recognizing 3-dimensional patterns appearing on certain silicone screen protecting cases as users’ fingerprints,” the tech giant confirmed.
“To prevent any further issues, we advise that Galaxy Note10/10+ and S10/S10+/S10 5G users who use such covers to remove the cover, delete all previous fingerprints and newly register their fingerprints. If you currently use front screen protective covers, to ensure optimum fingerprint scanning, please refrain from using this cover until your device has been updated with a new software patch,” the statement added.
To date, it is unclear whether banks outside the UK will take the same security steps. However, as noted by Bleeping Computer, one Reddit user from Israel has already mentioned that their banks have disabled the fingerprint authentication feature. In another case, a user from the U.S. reported that their bank has already disallowed the use of Samsung Pay at an ATM.