Samsung Galaxy S5 fingerprint scanner hacked week after launch

Samsung Galaxy S5 security feature hacked using a fingerprint mould made of glue and graphite spray

The Samsung Galaxy S5's fingerprint scanner has been hacked using a glue mould, just a week after it went on sale.

The fingerprint sensor, used to secure the device against the unauthorised use of apps such as PayPal, was bypassed by Berlin-based Security Research Labs (SRL) who tried to overrule the feature to demonstrate how easy it was to crack.

Advertisement - Article continues below

SRL managed to create the mould from a fingerprint on the Samsung Galaxy S5's screen.

It then transferred the fingerprint using glue and graphite spray. Researchers swiped the faked fingerprint across the sensor, mimicking a finger swipe.

Although other devices - including the iPhone 5S - also boast a fingerprint reader, Samsung is the first to open up the API, allowing third party app developers to integrate the sensor in applications.

If you think into the future, once ATMs have fingerprint scanners and once heads of state start using fingerprint authentication, it's going to become a lot more attractive.

PayPal was the first company to introduce the feature on the Galaxy S5, but the online payment provider doesn't feel too concerned about the flaw.

PayPal told the BBC: "The scan unlocks a secure cryptographic key that serves as a password replacement for the phone.

Advertisement
Advertisement - Article continues below

"PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy."

Advertisement - Article continues below

Another differentiation between Apple's implementation and Samsung's is the iPhone maker does not allow multiple attempts at using the fingerprint scanner to take place if users are not a correct match.

Samsung's device allows you to try five times, put the phone in sleep mode, wake it and try again.

Although only limited information can be accessed at the moment, SRL's project manager Ben Schlabs told the BBC it will become a much bigger concern when fingerprint scanning becomes more prevalent in different applications.

"If you think into the future, once ATMs have fingerprint scanners and once heads of state start using fingerprint authentication, it's going to become a lot more attractive," he said.

"Once people develop better or faster methods, or once there are fingerprint databases of images that get leaked, it's definitely a concern."

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/mobile/30369/how-to-delete-apps-on-android-and-ios
Mobile

How to delete apps on Android and iOS

6 Jul 2020
Visit/software/356308/the-new-york-times-ends-partnership-with-apple-news
Software

The New York Times ends partnership with Apple News

1 Jul 2020
Visit/mobile/mobile-phones/356274/analysts-predict-iphone-12-models-wont-include-earpods-or-power-adapter
Mobile Phones

iPhone 12 models won't include EarPods or power adapter in the box

29 Jun 2020
Visit/software/development/356273/8-developers-take-home-apple-design-awards
Development

8 developers take home Apple Design Awards

29 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020
Visit/business-strategy/it-infrastructure/356258/the-growing-case-for-it-flexibility
Sponsored

The growing case for IT flexibility

30 Jun 2020