FB pixel

Samsung’s Galaxy S5 falls to the same fingerprint hack as the iPhone 5S

 

The fingerprint sensor in the Samsung Galaxy S5 has been spoofed with a fake fingerprint made of wood glue.

Announced shortly after the phone hit the market, the circumstances of this latest hack are almost identical to that of the iPhone 5S last year.

Showed in a video from SRLabs (below), a finger is enrolled on the device, which is then unlocked with the dummy print. In addition to unlocking the phone, the same dummy fingerprint was used to access a PayPal wallet and show that money could even be transferred using the fake print.

SRLabs is a Berlin-based security research and consulting think tank.

As we reported previously in BiometricUpdate.com last year, German hacker collective, Chaos Computer Club claimed that it had spoofed the iPhone’s Touch ID sensor shortly after the phone’s launch and posted a similar video showing the spoof and explaining how it was done.

Though both the S5 and the 5S are easily fooled with dummy fingerprints, there are a few differences in terms of how the phone treats the embedded sensor. On the iPhone, once it’s turned off, a fingerprint alone can’t unlock the device – it requires a password input. On the S5, a fingerprint is all you need.

The iPhone’s Touch ID sensor can only be used to unlock the device or to authorize iTunes purchases. Samsung’s device uses the sensor to perform unlocks and also to make purchases and transfers through PayPal.

In a statement to Business Insider, a PayPal spokesperson acknowledged the spoof, but said the company was still confident in the security of the fingerprint sensor.

“While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards,” the statement reads. “PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a passwords replacement for the phone. We can simply deactivate the key from a lost or stolen devices and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.”

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Biometric Update Podcast digs into deepfakes with Pindrop CEO

Deepfakes are one of the biggest issues of our age. But while video deepfakes get the most attention, audio deepfakes…

 

Know your geography for successful digital ID adoption: Trinsic

A big year for digital identity issuance, adoption and regulation has widened the opportunities for businesses around the world to…

 

UK’s digital ID trust problem now between business and government

It used to be that the UK public’s trust in the government was a barrier to the establishment of a…

 

Super-recognizers can’t help with deepfakes, but deepfakes can help with algorithms

Deepfake faces are beyond even the ability of super-recognizers to identify consistently, with some sobering implications, but also a few…

 

Age assurance regulations push sites to weigh risks and explore options for compliance

Online age assurance laws have taken effect in certain jurisdictions, prompting platforms to look carefully at what they’re liable for…

 

The future of DARPA’s quantum benchmarking initiative

DARPA started the Quantum Benchmarking Initiative (QBI) in July 2024 to expand hardware capabilities and accelerate research. In April 2025,…

Comments

4 Replies to “Samsung’s Galaxy S5 falls to the same fingerprint hack as the iPhone 5S”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events