German security experts successfully hack the Samsung Galaxy S5’s fingerprint scanner just four days after release.
Researchers at a German security firm have worked out how to fool the Samsung Galaxy S5’s fingerprint scanner and break into the phone, just four days after launch. The hack costs over £150 to pull off and involves some lab equipment to create a mould, but worryingly works on any Galaxy S5 with a visible print on the screen.
The boffins from SRLabs took a camera phone photo of a print found on the Galaxy S5, then created a PCB mould of the print and swiped that down the handset’s scanner. The method worked, allowing them access to the phone – and apps such as PayPal which use the scanner for authentication. Eep.
It’s this PayPal support that most concerns the researchers, who claim it gives ‘a would-be attacker an even greater incentive to learn the simple skill of fingerprint spoofing’. However, PayPal reckons the scanner is still a secure method of authenticating payment.
‘The scan unlocks a secure cryptographic key that serves as a password replacement for the phone,’ PayPal said in a statement. ‘We can simply deactivate the key from a lost or stolen device, and you can create a new one.’
PayPal also pointed out how transactions are covered by its buyer protection policy, so hopefully any victims of fingerprint fraud would get their cash back.
Apple’s iPhone 5s fingerprint scanner was similarly hacked in just 48 hours, at an even lower cost.