Want to unlock someone else’s phone? Use a screen protector.
-
Samsung: Anyone's thumbprint can unlock Galaxy S10 phone
Firm promises fix after couple discover any fingerprint can unlock the device when put in case.
TL;DR: You can unlock a Samsung Galaxy S10 with any fingerprint if it’s got a silicone screen protector that also covers the fingerprint sensor.
-
-
After buying a £2.70 gel screen protector on eBay, Lisa Neilson registered her right thumbprint and then found her left thumbprint, which was not registered, could also unlock the phone.
I wonder though if it still allows you to unlock when you registered your thumbprint without a screen protector, then added one later? (It actually would make sense that a covered thumbprint reader cannot make heads or tails of a thumbprint when there's plastic in between)
If that's so, you now have a rather interesting way to lock yourself out...
-
@JBert Unless Samsung did something dumb, it'll still let you unlock the phone with a pattern/pin/whatever backup method. That's the way it is on standard Android with a fingerprint reader, at least.
-
@hungrier said in Want to unlock someone else’s phone? Use a screen protector.:
Unless Samsung did something dumb
Admittedly, nothing like that has been proven about the fallback unlock methods. For everything else though, it seems like a valid default stance...
-
A colleague of mine claims since fingerprints and other biometric information should only be used for very important things since they're so easy to steal and you can't change them.
Myself, I instead claim that since fingerprints and other biometric information is so easily copied, it should not be used as a primary factor at all when you care about security, but only as a convenience unlock.
My samsung phone, as I believe to be standard in android, requires a PIN or password (NOT a pattern) as primary credential before fingerprint unlock can be configured, and requires using the primary credential in certain circumstances including after boot-up.
-
@PleegWat said in Want to unlock someone else’s phone? Use a screen protector.:
My samsung phone, as I believe to be standard in android, requires a PIN or password (NOT a pattern) as primary credential before fingerprint unlock can be configured, and requires using the primary credential in certain circumstances including after boot-up.
ISTR that the actual reason for that is the unreliability of fingerprint unlock could lead to too many tries. Same effect but wrong cause, I think.
-
Meanwhile my OnePlus is cheaper, and older, and has the same in-display fingerprint sensor, and does not do this at all. In fact it still reads my fingerprint even after I changed the screen protector, even though the stock one was very thick and the new one is very thin.
-
@Tsaukpaetra said in Want to unlock someone else’s phone? Use a screen protector.:
@PleegWat said in Want to unlock someone else’s phone? Use a screen protector.:
My samsung phone, as I believe to be standard in android, requires a PIN or password (NOT a pattern) as primary credential before fingerprint unlock can be configured, and requires using the primary credential in certain circumstances including after boot-up.
ISTR that the actual reason for that is the unreliability of fingerprint unlock could lead to too many tries. Same effect but wrong cause, I think.
Also, post-boot decryption requires a key derived from the PIN, which the fingerprint can't get you
-
@PleegWat said in Want to unlock someone else’s phone? Use a screen protector.:
My samsung phone, as I believe to be standard in android, requires a PIN or password (NOT a pattern) as primary credential before fingerprint unlock can be configured, and requires using the primary credential in certain circumstances including after boot-up.
My old Samsung tablet requires the password on bootup, but lets you reset the password from the same screen, using the fingerprint
-
@sloosecannon said in Want to unlock someone else’s phone? Use a screen protector.:
Also, post-boot decryption requires a key derived from the PIN, which the fingerprint can't get you
It's a good thing the PIN isn't usually just 4 numbers, or it would be trivial to brute force!
-
@error The most common way is the pattern lock, which is kind of like a PIN except no repeating numbers and some geometric restrictions.
But then again, it lets you make it longer than 4
-
@error said in Want to unlock someone else’s phone? Use a screen protector.:
@sloosecannon said in Want to unlock someone else’s phone? Use a screen protector.:
Also, post-boot decryption requires a key derived from the PIN, which the fingerprint can't get you
It's a good thing the PIN isn't usually just 4 numbers, or it would be trivial to brute force!
Minimum is 6? I think?
I know that's what mine is set to...
Although it's nontrivial to brute force under most circumstances, given that it's attempt-limited. Offline decryption is another story but if that's your threat model you had best not have a 4 digit PIN.
-
@hungrier What geometric restrictions?
-
@pie_flavor said in Want to unlock someone else’s phone? Use a screen protector.:
@hungrier What geometric restrictions?
It can be rather difficult for you to skip through, for example, 7 to 2, if you're not crafty. Most people aren't crafty.
-
@Tsaukpaetra It's super easy. You just have to think, or in this case drag, outside the box.
-
@pie_flavor said in Want to unlock someone else’s phone? Use a screen protector.:
@Tsaukpaetra It's super easy. You just have to think, or in this case drag, outside the box.
You give too much credit to users.
-
@pie_flavor I think if you do one that goes through the center, it either adds the center point or blocks if you've used it already.
e: It appears I was wrong. It'll add it if you haven't used it before, but it lets you pass through it if you do e.g. 5 -> 8 -> 9 -> 1
-
@hungrier Mine doesn't even add it.
e: oh, I see. It adds it when the opposite node is triggered, but not when you're swiping the line around.
-
I'd bet money that the vast majority of patterns are nowhere near random.
-
@pie_flavor As usual, YMMV with any particular Android implementation. I tried it on my old phone, flashed with a custom rom, and it let me choose the size of the pattern, up to 5x5.
-
@error said in Want to unlock someone else’s phone? Use a screen protector.:
I'd bet money that the vast majority of patterns are
a variation of like 10 different basic patterns, N, Z, etc.
-
@topspin said in Want to unlock someone else’s phone? Use a screen protector.:
different basic patterns, N, Z, etc.
have you noticed N is just a Z on it's side ...
-
@Luhmann Wait until you find out that S is just a Z mirrored!
Filed under: Waiting for the I block to clear a tetris.
-
@topspin said in Want to unlock someone else’s phone? Use a screen protector.:
@error said in Want to unlock someone else’s phone? Use a screen protector.:
I'd bet money that the vast majority of patterns are
a variation of like 10 different basic patterns, N, Z, etc.
Mine is 14589. I'm not sure what letter that represents...
-
@Tsaukpaetra M tilted left 45°.
-
@PleegWat said in Want to unlock someone else’s phone? Use a screen protector.:
My samsung phone, as I believe to be standard in android, requires a PIN or password (NOT a pattern) as primary credential before fingerprint unlock can be configured, and requires using the primary credential in certain circumstances including after boot-up.
Can confirm. this is how AOSP works.
Source: My Google Pixel 3 Phone running Android Peanut Butter (or whatever the current version is..... maybe the code name was Quixotic Quetzalcoatl?)
-
@Vixen said in Want to unlock someone else’s phone? Use a screen protector.:
maybe the code name was Quixotic Quetzalcoatl
Your phone is running Ubuntu?
-
@topspin said in Want to unlock someone else’s phone? Use a screen protector.:
@Vixen said in Want to unlock someone else’s phone? Use a screen protector.:
maybe the code name was Quixotic Quetzalcoatl
Your phone is running Ubuntu?
if Android AOSP is based on Ubuntu these days..... yes!
I just wish products used version numbers so i didn't have to memorize code names and the order they come in and which ones are LTS and which ones aren't and it's all so confusing and i don't like it!
-
@Vixen You have a problem with hexavigesimal?
-
@PleegWat said in Want to unlock someone else’s phone? Use a screen protector.:
hexavigesimal
if i have to take my socks off to count your number base is too high.
I worked hard to steal these socks! I'm not taking them off just to count!
