Wednesday, November 20, 2019
Get Adobe Flash player

Four days after Samsung released its long-awaited Galaxy S5, security researchers say they’ve already found a way to hack the smartphone’s fingerprint sensor.

In a video posted Tuesday on YouTube, experts from Security Research Labs demonstrated an apparent breach of the S5 using similar tactics employed late last year to bypass the fingerprint lock on Apple’s (AAPL, Fortune 500) iPhone 5s.

The group says it used a camera-phone photo of a fingerprint on a smartphone screen to create a “fake finger” sheet out of a wood-glue mold. That allowed them to access the S5’s home screen and even send money via the PayPal app, which uses fingerprint authentication.

“Samsung does not seem to have learned from what others have done less poorly,” Security Research Labs said.

“Incorporation of fingerprint authentication into highly sensitive apps such as PayPal gives a would-be attacker an even greater incentive to learn the simple skill of fingerprint spoofing.”

Samsung (SSNLF) did not immediately respond to a request for comment.

In a statement Tuesday PayPal said it took the SRL findings “very seriously,” but was “still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards.”

The company says it can quickly deactivate fingerprint keys on lost or stolen devices, and that users are covered in case of fraud by its purchase protection policy.

Leave a Reply