According to a report by German security blog H Security (via BGR), the fingerprint scanner on the recently released Samsung Galaxy S5 has already been hacked, leaving owners’ devices and their PayPal accounts at serious risk. A video posted by Security Research Labs has revealed that the fingerprint scanner on Samsung’s Galaxy S5 can easily be spoofed using a lifted print.
It took the security group merely a few minutes to create a “dummy finger” from an actual fingerprint and gain unauthorized access to the phone. While the iPhone 5s fingerprint scanner was also hacked using a similar method, SRLabs points out that the Galaxy S5’s fingerprint security implementation makes this hack far more dangerous. With Apple’s Touch ID system, users are required to input their password one time before using a fingerprint for authentication, but on the Galaxy S5, no such protection is available.
“On Samsung’s Galaxy S5 however, no password is needed to access the device. Even after a reboot, a simple swipe of a finger will unlock the phone. And what could be much more alarming is the fact that, even after a reboot, users don’t need a password to access PayPal and make payments through the app if it has been configured for fingerprint authentication.”
PayPal has said in a statement to BGR that it uses “sophisticated fraud and risk management tools” to try to prevent fraud before it happens. “However, in the rare instances that it does, you are covered by our purchase protection policy.”
Here’s a video demonstrating exactly how the hack works: