The fingerprint reader on Samsung’s flagship S10 and Note10 smartphones can be spoofed with a $3 screen protector.

That’s according to a British woman who claimed that after fitting the screen protector she was able to unlock her S10 using any one of her fingerprints, including ones not enrolled in the phone’s authentication system.

Then she reportedly asked her husband to try the same thing, and his thumbprints worked too, as did the same trick on her sister’s Samsung. Obviously, something was up.

She called Samsung:

The man in customer services took control of the phone remotely and went into all the settings and finally admitted it looked like a security breach.

The company’s initial response:

We’re investigating this internally. We recommend all customers to use Samsung-authorised accessories, specifically designed for Samsung products.

Then, last week in comments to Reuters, Samsung admitted the problem was real and said it would release a software patch:

We are investigating this issue and will be deploying a software patch soon. We encourage any customers with questions or who need support downloading the latest software to contact us directly.