View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
April 16, 2014

Samsung Galaxy S5’s fingerprint sensor ‘hacked’

White hat hackers used earlier method to parody the Touch ID scanner on the Apple’s iPhone 5S to hack Samsung’s authentication technology.

By CBR Staff Writer

Researchers at Germany’s Security Research Labs (SRLabs) have reportedly hacked the highly promoted fingerprint sensor feature in Samsung’s recently launched Galaxy 5 smartphone by spoofing fingerprint.

The white hat researchers bypassed the Galaxy S5’s fingerprint authentication mechanism using a mould with owner’s fingerprint impression, which is a similar method used earlier to parody the Touch ID scanner on the Apple’s iPhone 5S.

SRLabs researcher Ben Schlabs was cited by Ars as saying that the S5 Finger Scanner feature offers nothing new except — because of the way it is implemented in this Android device — slightly higher risk than that already posed by previous devices.

"We expected we’d be able to spoof the S5’s Finger Scanner, but I hoped it would at least be a challenge," Schlabs said.

"Not only is it possible to spoof the fingerprint authentication, even after the device has been turned off, but the implementation also allows for seemingly unlimited authentication attempts without ever requiring a password.

A feature in Samsung Galaxy S5 allows users to transfer funds to other PayPal accounts just with a swipe of a finger, while the latest hack enables hackers to access users’ PayPal account as well as associated bank accounts without even entering credentials.

"Incorporation of fingerprint authentication into highly sensitive apps such as PayPal gives a would-be attacker an even greater incentive to learn the simple skill of fingerprint spoofing," Schlabs adds.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The latest hack demonstrates the disadvantages of using fingerprints, iris scans, and other physical features to authenticate device owner’s identity to any of the computing devices.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.