RBS and NatWest REMOVE their banking apps for Samsung S10 users because of fingerprint security flaw

RBS and NatWest have pulled their apps from the Google Play Store for Samsung S10 devices amid fears a fingerprint security flaw may allow fraudulent access.

West Yorkshire resident Lisa Neilson, 34, revealed the bug last week, which lets anyone unlock an S10, via its fingerprint scanner, using certain screen protectors.

S10 owners will be unable to download the apps until Samsung issues a fix — with existing app users encouraged to temporarily disable their phones’ biometrics.  

To date, there are no known reports of criminals using the glitch in order to commit fraud, but customers are nevertheless being advised to play it safe.

The Nationwide Building Society and the HSBC have also issued warning to customers who make use of their online/app-based banking services. 

In China, mobile payment leaders Alipay and Wechat are reported to have disabled the fingerprint payment option in their Galaxy apps.

A spokesperson for Samsung said that the tech firm is ‘aware of the case of S10’s malfunctioning fingerprint recognition and will soon issue a software patch.’ 

The bug-fixing update is expected to be rolled out this week.

‘We have been in direct contact with customers who may be affected by the potential Samsung security issue,’ a spokesperson for HSBC told the BBC.

The bank, they added, ‘have recommended that [users] disable their phone’s fingerprint authentication until a fix is confirmed and they’ve updated their device.’ 

The flaw in the scanner arises from the device confusing patterns inside silicone screen protectors with someone’s fingerprint — allowing anyone to unlock the device as long as the protector is kept on and biometric remains enabled.

Fingerprint-locking technology has been built into smartphones for years and is intended as an extra, impenetrable layer of security. 

RBS and NatWest have pulled their apps from the Google Play Store for Samsung S10 devices amid fears a fingerprint security flaw may allow fraudulent access

To date, there are no known reports of criminals using the glitch in order to commit fraud, but customers are nevertheless being advised to play it safe. Pictured, a branch of NatWest, who have recently pulled their banking app from the Google Play store for Samsung S10 devices

However Mrs Neilson told The Sun last weekend that, having set up the ID system with her right fingerprint, she found that she could also open it with her left.

Next, she found that her husband could also unlock the phone with his own thumbprints, which weren’t registered with the device.

‘This means that if anyone got hold of my phone they can access it and within moments could be into the financial apps and be transferring funds,’ she said.

‘It’s a real concern. We called Samsung because we thought there was a fault with the phone.’

‘The man in customer services took control of the phone remotely and went into all the settings and finally admitted it looked like a security breach.’

HOW WILL FINGERPRINT BANK CARDS WORK?

Dutch chipmaker Gemalto has launched a range of bank cards with an in-built fingerprint scanner.

This authenticates the payment and replaces the traditional PIN (Personal Identification Numbers).

Customers scan their fingerprint on a small sensor found on the right hand-side of the bank card.

Fingerprint data is stored on the card, not on a central database.  

Since the biometric card works with current standards, there is no need to change the existing infrastructure.

The magnetic field generated by the card machine used for payment powers the scanner, meaning no battery is needed.

For biometric cards, little will have to change. Customers will need to register their fingerprint at their local bank via a tablet. This then stores the biometric data of every person on their card, but not on a central database