Security researchers from SRLabs in Germany posted a video on YouTube showing how they were able to hack into the Galaxy S5’s fingerprint scanner. They used wood glue to create a mold of a fingerprint which was able to fool the scanner into thinking they had used a real fingerprint.
How the Galaxy S5 hack works
This is the same method they used to hack the iPhone 5S Touch ID fingerprint scanner, indicating that this technology leaves much to be desired—no matter which company is making the fingerprint scanner. The researchers used a picture of a hidden print on the screen of the Galaxy S5 to make the mold of the fingerprint and were able to even use it when the smartphone was turned off.
In order to photograph the hidden print on the Galaxy S5, researchers used magnesium powder to light them up.
Galaxy S5 fingerprint hack provides open access
What may be most concerning is that the fake fingerprint not only provided access to the owner’s Galaxy S5, but also bank accounts and the user’s PayPal account. By simply swiping the fake fingerprint, they were able to log into the owner’s PayPal account without even having to enter in a password. Once logged into the PayPal app on the Galaxy S5, the hacker was able to do anything he wanted, including make purchases and even withdrawing money and send it to his own bank account.
This does differ than the Touch ID sensor on the iPhone 5S, however, because Apple Inc. (NASDAQ:AAPL) has currently restricted use of the scanner to unlocking the phone rather than using it for payments, although that functionality is believed to be coming, possibly in the iPhone 6 this year.
According to PC World, PayPal wasn’t too concerned about the vulnerability in the fingerprint scanner. The payment services provider said it doesn’t store or even access a user’s fingerprint. Instead, when the print is scanned, it unlocks a “secure cryptographic key” which simply replaces the password. PayPal said it can deactivate that key on a lost or stolen device, enabling users to create a new key.
The problem with fingerprint scanners
While many see the usage of fingerprint scanners as adding another layer of security, a big problem is that people can’t ever change their fingerprints. Once someone steals their prints, they can access anything the person users their print as a password for, whether it’s their Galaxy S5 or anything else. As a result, companies should be focusing on making fingerprints extremely hard to steal.
The vulnerability in the Galaxy S5’s fingerprint scanner probably won’t have much of an impact on sale of the handset, as the average consumer may not even be thinking about this type of thing.
