This Week in Cybersecurity: October 18

There were only a couple stories that caught my attention this week. One relates to an issue with the biometric security on Samsung Galaxy S10 devices, and the other has to do with the launch of the new United States Cybersecurity Directorate.

Here we go:

Biometric Insecurity on Galaxy Devices

A woman in the United Kingdom stumbled on a serious issue with Samsung Galaxy S10 devices. She discovered that even though she only registered her right thumb to unlock her device, she was able to gain access with her left thumb as well. She then did some further digging and found that her husband could also unlock her phone with either of his thumbs, and that the same issue existed on her sister’s Galaxy device as well.

The issue was brought to Samsung’s attention and they investigated. It turns out that some silicone screen protectors interfere with the ultrasonic fingerprint sensor on the Galaxy S10, S10 Plus, and S10 5G, as well as the Galaxy Note 10 and Note 10 Plus. The fingerprint sensor detects 3-dimensional patterns in the screen protector and registers it as the user’s fingerprint.

Samsung issued a statement announcing that a patch is coming soon and offering the following guidance:

To prevent any further issues, we advise that Galaxy Note10/10+ and S10/S10+/S10 5G users who use such covers to remove the cover, delete all previous fingerprints and newly register their fingerprints.

If you currently use front screen protective covers, to ensure optimum fingerprint scanning, please refrain from using this cover until your device has been updated with a new software patch.

The thing that seems most odd about this to me is that the result of the flaw is to grant access. I can understand if the screen protector interferes with the ability to accurately read the fingerprint and prevents the device from unlocking. That would make sense. In this case, though, it seems that the fingerprint sensor couldn’t get an accurate read and just decides that any fingerprint is close enough. That doesn’t instill tremendous confidence in the protection of the biometric security.

United States Launches Cybersecurity Directorate

The United States government and the United States military have seemingly countless teams and agencies dedicated to various aspects of cybersecurity. Last week, the National Security Agency (NSA) announced the formation of the new Cybersecurity Directorate in an effort to correlate and coordinate those efforts for a more comprehensive effort.

The vision behind the Cybersecurity Directorate is to form partnerships between various groups to enable technical and intelligence experts pool resources and compare notes. The Cybersecurity Directorate will ostensibly enable the NSA to integrate efforts by cyber defense experts to operationalize threat intelligence and vulnerability assessments.

NSA director General Paul Nakasone said, "What I’m trying to get to in a space like cyberspace is speed, agility, and unity of effort."

This move makes sense and mirrors similar efforts in the private sector. Different groups and different cyber disciplines collect and analyze data to develop intelligence about evolving techniques and emerging threats, but each one is like having just a handful of pieces from a massive jigsaw puzzle. By combining the intelligence and coordinating the effort, the pieces can be put together to reveal much more of the puzzle and help organizations stay a step ahead of attackers.

About the Author

Tony Bradley - Senior Manager of Content Marketing for Alert Logic

Tony Bradley

Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com. He has established a reputation for effective content marketing, and building and engaging a community and social media audience.

Connect | Email Me | More Posts by Tony Bradley