Samsung Galaxy S5 Fingerprint Sensor Hacked, PayPal Still Confident!
Samsung Galaxy S5 fingerprint sensor hacked:
Deja vu, anyone? Very much following the footsteps set in the mud by Apple's current flagship handset, the iPhone 5s, Samsung Galaxy S5's fingerprint sensor too has been hacked. Congratulations, everyone! Sarcasm aside, this is quite sad taking in consideration that Samsung was expected to up the game of biometric readers after seeing how Apple's Touch ID went.
- Recommended read: Fix iPhone 5s Touch ID Problems on iOS 7.1 – How to
While the fingerprint reader add an extra layer of security, they also make it more vulnerable and pose more security flaws if not implemented well. As seen with iPhone 5s Touch ID, it was possible to hack the fingerprint using a lifted fingerprint. In the similar fashion, SRLabs have been able to show how a faker fingerprint can be used to gain unauthorized access on Samsung's latest Galaxy S5.
What is more troubling though is that Galaxy S5 is seems to be even more vulnerable than the iPhone 5s since there is no requirement of a passcode after a fingerprint entry. Apple iPhone 5s Touch ID requires a password the first time you boot a device, Samsung has set no such security restriction making it easier to hack into the SGS5 fingerprint sensor. Even after a reboot, Samsung requires no password and a simple swipe of a finger will unlock all of your phone to someone else.
You should be more alarmed about this pretty easy hack if you had intended to use Samsung Galaxy S5 to make PayPal transactions as no password is required to access PayPal and make payments through the app. If you happen to lose your Galaxy S5, or it gets stolen, it is strongly recommended that you use Android Device Manager to wipe your Android handset remotely in order to be safe from any more financial losses.
However, PayPal reaffirms its confidence in a statement to BGR:
While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards. PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.
Galaxy S5 fingerprint sensor hacked video:
It is yet to be seen if Samsung could bring some software update to Galaxy S5 in order to address this hack by requiring a password or adding any additional security.