May 29, 2019 at
Since its debut, the OnePlus 7 has garnered a lot of positive reviews and critics and users alike have been swooning over the phone that many are calling the best of the rest for 2019. The specs are great, the screen is excellent and it has the absolute best gaming performance seen in a Snapdragon phone so far. The 30W charging and UFS 3.0 round off what is perhaps the best-priced flagship phone on the market right now.
However, there is a problem and it has to do with the fingerprint reader, which was hacked by a Youtuber named Max Tech. The Youtuber managed to hack the phone in a matter of minutes by using the oldest fingerprinting trick in the book, a trick called fingerprint molding.
Molding used to break OnePlus 7’s security
What Max Tech in effect did was to put a bit of hot-glue on some tinfoil and proceeded to use this to get his fingerprint impression. One he had the impression on the hot-glue tinfoil, he then went on to fill up the tin foil with simple white school glue. Yes, the kind you can get literally everywhere.
Once it dried out, he had a fingerprint mold that did a passable job of fooling the fingerprint sensor that is located in the screen of the OnePlus 7. This allowed him to get past the lock screen of the phone and into the OS where he had access to everything on the phone.
Watching the video is an interesting learning experience for anyone who is interested in phone and fingerprint security. The best form of defense to know any vectors of attack and this is a classic method that has been used almost since the dawn of fingerprint readers themselves.
Samsung slightly harder to crack
The OnePlus 7 was not the first fingerprint reader to be hacked though, as the same happened to the Samsung Galaxy S10 which also has an in-screen fingerprint reader. The key difference, however, is in the technology used. The Samsung Galaxy S10 has what is called an ultrasonic fingerprint scanner that uses soundwaves to map the topography of a fingerprint for better security.
That being said, it was still hacked within a few days of being released to the public but the process involved was much more difficult. The hacker who bypassed the Samsung fingerprint reader had to go through a more time-consuming route that involved 3d printing and some software wizardry to map the topography of the fingerprint in a 3D modeling program.
A simple mold, like the one used on the OnePlus 7, did not manage to fool the Samsung security. While this veneer of security might make some people feel slightly safer, you can only be as safe as your fingerprint is anonymous and with the amount of trash people throw away with their fingerprints on them is astounding.
Physical access a must
The good thing about these hacks, both for the OnePlus and for the Samsung, is that they require physical access. The best security is to not get your phone stolen or lost. This is easier said than done, but at the end of the day, if you are a high enough value target then someone will go to extreme lengths to get your phone.
Information security is a tricky business and one that should not be taken lightly. Make sure that your data is secure and not all in one place, because a lost phone these days could mean the total loss of your identity.