Security Vulnerability

A fake fingerprint is used to open a Galaxy S5 in a YouTube video by SRLabs posted on April 15.
A fake fingerprint is used to open a Galaxy S5 in a YouTube video by SRLabs posted on April 15.

 

CNN Money reported on April 15 (local time) that experts found a way to hack the fingerprint sensor of the Galaxy S5 just four days after its launch.

German security firm SRLabs posted a video on YouTube that demonstrates how to unlock the Samsung phone with a fake fingerprint, using similar tactics employed last year to bypass the fingerprint lock on Apple’s iPhone 5s.  

A cameraphone photo of a fingerprint on a smartphone screen was used to create a fake finger sheet out of a wood-glue mold. It enabled security researchers to access the home screen of the phone and to even send money via the PayPal app using fingerprint authentication.  

The firm pointed out that Samsung does not appear to have learned any lessons from other similar cases. It also remarked, “Incorporation of fingerprint authentication into highly-sensitive apps such as PayPal gives a would-be attacker an even greater incentive to learn the simple skill of fingerprint spoofing.” 

PayPal said in a statement that it took the findings very seriously, but was still confident that it is easier and more secure to pay on mobile devices using fingerprint authentication than passwords or credit cards.

Copyright © BusinessKorea. Prohibited from unauthorized reproduction and redistribution