Last Week, Samsung’s latest flagship Galaxy S5 goes on sale in more than 110 countries. The Galaxy S5 comes with a fingerprint sensor. The finger print sensor adds a additional layer of security. User can use finger print to unlock the device without the need of Password.
The finger print sensor is a good addition, but it doesn’t mean that it is safe. German blog H Security has found a way to hack the finger print scanner of Galaxy S5.
The hacker has lifted the finger prints on the wood glue mold and used that fake finger to unlock the device. The Galaxy S5 can be easily spoofed and hacker can gain complete access on the device.
The worst thing about this is that Samsung allows to authenticate PayPal payments using finger print sensor. So with the fake finger, the hacker can easily gain access to PayPal and make payments to anyone.
Apple iPhone 5s fingerprint sensor was also hacked using somewhat similar method. But Apple iPhone 5s doesn’t authenticate mobile payment using fingerprint. Also Apple iPhone 5s require entry of passcode after device is rebooted while Samsung Galaxy S5 doesn’t require password, it can be easily fooled with fake finger. So, Apple iPhone 5s TouchID is somewhat safe comparing to Samsung Galaxy S5 fingerprint scanner.
The hacker at H security has also come up with a video demonstrating the steps to hack Galaxy S5. Check the video below:
PayPal, the authorized payment gateway for Galaxy S5, in a statement said “While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards. PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.”
So, PayPal is clarifying that it doesn’t store finger prints on cloud and they can deactivate it. Well every technology has some pros and cons, and we cannot stop using it because of some limitations. Samsung in the future may come with more security measure to prevent frauds.