The Royal Bank of Scotland (RBS) and NatWest bank have taken their apps off Samsung Galaxy’s S10 range following the discovery of a cybersecurity flaw discovered on the smartphones.
App users recently found that anyone’s fingerprint could bypass the fingerprint authentication system, allowing unauthorised access onto the handsets when they were being used with certain screen protectors.
RBS will not allow their app to be downloaded by consumers until the bug is fixed, reports reveal.
The bank has also instructed individuals who already rely on the downloaded app to “disable biometrics on their device”. It is not yet known whether all 200,000 of the customers concerned have been warned, however.
Customers of Nationwide Building Society and HSBC have been issued similar warnings.
A solution used by Wechat and Alipay, both heavily used for mobile payments in China, has been to remove the fingerprint-powered payment function altogether for apps on the Galaxy S10 and Galaxy Note 10.
No further reports have emerged regarding fraudsters taking advantage of the glitch, but financial centres are telling customers to take care.
A spokeswoman for HSBC UK said:
“We have been in direct contact with customers who may be affected by the potential Samsung security issue, and have recommended that they disable their phone’s fingerprint authentication until a fix is confirmed and they’ve updated their device.”
The vulnerability came to light last week when a man managed to access his wife’s Galaxy S10 using his own thumbprint. The phone in question was held within a cheap phone case.
Having bought a gel screen protector, the British woman, Lisa Neilson, applied her right thumbprint as an unlock code for her device. She then discovered that her left thumbprint could also unlock the phone, even though it had not been registered to do so. Passing the phone to her husband, the pair were shocked to discover that he, too, could unlock the phone using either of his thumb prints.
The S10’s technology, which was dubbed “revolutionary” when launched by Samsung in March, has since been labelled “a real concern” by British media.
The post #Privacy: Cybersecurity concerns force RBS to withdraw Samsung Galaxy S10 app appeared first on PrivSec Report.