Banks pull Samsung S10 apps over security flaw

Fingerprint reader

Image caption

A graphic symbol on the Galaxy S10 tells users where they need to press to provide a fingerprint

RBS and its sister bank Natwest have pulled their apps for the Samsung Galaxy S10 after a security flaw was found on the phone.

Last week, users found the device could be unlocked by anyone via its fingerprint authentication system when used with certain screen protectors.

S10 owners will be unable to download RBS apps until the issue is fixed.

The bank is also encouraging those with the app already downloaded “to disable biometrics on their device”.

However, it would not confirm whether it had warned all 200,000 of its customers who use the Galaxy S10.

Skip Twitter post by @NatWest_Help

End of Twitter post by @NatWest_Help

Nationwide Building Society and HSBC have issued similar warnings to customers, along with banks in Israel and South Korea, according to reports.

Meanwhile, Wechat and Alipay, who together dominate China’s mobile payments market, have reportedly disabled the fingerprint payment option on their apps for the Galaxy S10 and Galaxy Note 10.

So far there have been no reports of people using the glitch to commit fraud – but banks are urging customers to be vigilant.

An HSBC UK spokeswoman said: “We have been in direct contact with customers who may be affected by the potential Samsung security issue, and have recommended that they disable their phone’s fingerprint authentication until a fix is confirmed and they’ve updated their device.”

  • Samsung: Anyone’s thumbprint can unlock S10 phone

The flaw was spotted last week by a British woman, whose husband was able to unlock her Galaxy S10 with his thumbprint when it was stored in a cheap case.

After buying a £2.70 gel screen protector, Lisa Neilson registered her right thumbprint and then found her left thumbprint, which was not registered, could also unlock the phone.

She then asked her husband to try and both his thumbs also unlocked it.

When the screen protector was added to another relative’s phone, the same thing happened.

The couple told the Sun newspaper it was a “real concern”.

When the S10 was launched, in March, Samsung described the fingerprint authentication system as “revolutionary”.

Unlike other ID systems, a scanner sends ultrasounds to detect 3D ridges of fingerprints in order to recognise users. However, reports have suggested some screen protectors are incompatible with the reader because they leave a small air gap that interferes with the scanning.

Samsung has said it is “aware of the case of S10’s malfunctioning fingerprint recognition and will soon issue a software patch”.

Banks understand a fix will be rolled out this week, but on Thursday the South Korean firm was unable to confirm when that might happen.