No software is perfect, but Samsung just found a pretty vivid way of reminding us to stay vigilant. Namely, the company just released a changelog detailing the January 2021 security update for its devices, which eliminates nine vulnerabilities affecting Galaxy smartphones, including a pretty alarming issue with the Galaxy Note 20 fingerprint reader.
Samsung disclosed that this firmware eliminates “abnormal behavior” resulting in a high frequency of false-positive fingerprint readings on the Galaxy Note 20 and Galaxy Note 20 Ultra. The kicker is that the root of the issue isn't some ingenious hacking vector but a bug associated with screen protectors.
Should you trust fingerprint readers to protect your data?
In other words, slapping on a screen protector was all it took to spoof some Galaxy Note 20 fingerprint readers until now. This isn't to say literally any screen protector would have done the job, but Samsung is unsurprisingly light on the details about this situation.
And if all of this sounds familiar, that's probably because owners of Galaxy Note 10 and Galaxy S10 devices already went through these same motions last year.
With that said, it would appear the entire Galaxy Note 20 range was potentially affected. On the bright side, the security flaw was eliminated relatively quickly – in just over two months from its discovery.
The January patch started hitting select Galaxy Note 20 models within the last 24 hours and will presumably take a couple of weeks to roll out globally, as is usually the case.
This episode is just another reminder of why fingerprint authentication shouldn't be considered a true alternative to more traditional authentication methods, such as a PIN or a password. And the very fact that Samsung disclosed the vulnerability confirms it was able to reproduce false-positive fingerprint readings after being tipped off about the issue.