FB pixel

Samsung’s Galaxy S5 falls to the same fingerprint hack as the iPhone 5S

 

The fingerprint sensor in the Samsung Galaxy S5 has been spoofed with a fake fingerprint made of wood glue.

Announced shortly after the phone hit the market, the circumstances of this latest hack are almost identical to that of the iPhone 5S last year.

Showed in a video from SRLabs (below), a finger is enrolled on the device, which is then unlocked with the dummy print. In addition to unlocking the phone, the same dummy fingerprint was used to access a PayPal wallet and show that money could even be transferred using the fake print.

SRLabs is a Berlin-based security research and consulting think tank.

As we reported previously in BiometricUpdate.com last year, German hacker collective, Chaos Computer Club claimed that it had spoofed the iPhone’s Touch ID sensor shortly after the phone’s launch and posted a similar video showing the spoof and explaining how it was done.

Though both the S5 and the 5S are easily fooled with dummy fingerprints, there are a few differences in terms of how the phone treats the embedded sensor. On the iPhone, once it’s turned off, a fingerprint alone can’t unlock the device – it requires a password input. On the S5, a fingerprint is all you need.

The iPhone’s Touch ID sensor can only be used to unlock the device or to authorize iTunes purchases. Samsung’s device uses the sensor to perform unlocks and also to make purchases and transfers through PayPal.

In a statement to Business Insider, a PayPal spokesperson acknowledged the spoof, but said the company was still confident in the security of the fingerprint sensor.

“While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards,” the statement reads. “PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a passwords replacement for the phone. We can simply deactivate the key from a lost or stolen devices and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.”

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Global ID patents protocols for biometric device as identity credential

Finger vein recognition has drawn increasing attention from the biometrics community in recent years, with more patents being granted and…

 

Vida introduces biometric identity stack to fight fraud in Indonesia

As digital transformation accelerates globally, the threat of cybercrime continues to grow, driving demand in underserved countries. In Indonesia, homegrown…

 

EU gathers feedback on EUDI Wallet certification, implementation

As the European Union approaches the launch of its digital identity project, feedback on the certification of the conformity of…

 

ACI pushes back on Philippine national ID card contract cancelation

The Philippine government’s national ID system has come under scrutiny, as the Bangko Sentral ng Pilipinas (BSP) faces criticism for…

 

Brazilian digital ID firm Unico acquires Oz Forensics and Trully.AI

Brazilian digital identity unicorn Unico has announced more acquisitions. The selfie biometrics provider, backed by the likes of Goldman Sachs,…

 

Pakistan ID agency chair out after court rules appointment violates constitution

A legal standoff appears to be brewing between Pakistan’s military government and judiciary, after the Lahore High Court ordered the…

Comments

4 Replies to “Samsung’s Galaxy S5 falls to the same fingerprint hack as the iPhone 5S”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events