(Ping! Zine Web Tech Magazine) – Researchers from Security Research Labs in Berlin have proven that Samsung’s fingerprint scanner on the Galaxy S5 is not secure and can easily be hacked into.
The researchers posted a video demonstrating how they were able to gain access into the device by using a “wood glue spoof” of a photo of a fingerprint smudge left on the screen, reports CNet.
“Despite being one of the premium phone’s flagship features, Samsung’s implementation of fingerprint authentication leaves much to be desired,” stated the researcher in the video. “The finger scanner feature in Samsung’s Galaxy S5 raises additional security concerns to those already voiced about comparable implementations.”
This hack is similar to the same technique used to hack Apple’s fingerprint scanner last year in the iPhone 5S, but with one difference, after a certain amounts of incorrect attempts, Apple requires the user to manually enter a code to gain access into the phone, Samsung does not.
The researchers pointed out that if a hacker were to break into the Galaxy S5 using this technique, they would have access to all apps, including those with sensitive information such as PayPal.
In response to SRL’s video, PayPal released the following statement:
“While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards. PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.”
The demonstration on how the researchers bypassed the Galaxy S5 can be seen here.