Samsung’s Galaxy S5 fingerprint scanner hacked, PayPal accounts at risk

“As noted by German-language security blog H Security, SRLabs has posted video evidence that the fingerprint scanner on Samsung’s Galaxy S5 can easily be spoofed using a lifted print,” Zach Epstein reports for BGR. “In mere minutes, the group was able to create a ‘dummy finger’ using an actual fingerprint to gain unauthorized access to the phone.”

“Some might recall that Apple’s iPhone 5s fingerprint scanner was hacked using the same method,” Epstein reports. “As SRLabs points out, however, the Galaxy S5’s fingerprint security implementation makes this hack far more dangerous.”

“With Apple’s Touch ID system, users are required to input their password one time before using a fingerprint for authentication. The password must be used again once each time the device is rebooted. This extra step seems annoying, but it prevents the very spoof achieved by SRLabs,” Epstein reports. “On Samsung’s Galaxy S5 however, no password is needed to access the device. Even after a reboot, a simple swipe of a finger will unlock the phone. And what could be much more alarming is the fact that, even after a reboot, users don’t need a password to access PayPal and make payments through the app if it has been configured for fingerprint authentication.”

Read more in the full article here.

MacDailyNews Take: Silly half-assed imitators. Smirk.

[Thanks to MacDailyNews Readers “Fred Mertz” and “Bill” for the heads up.]

Related articles:
Apple’s iPhone 5s Touch ID vs. Samsung’s Galaxy S5 fingerprint scanner (with video) – April 4, 2014
Ars Technica: Apple’s Touch ID and 64-bit A7 are deceptively large advances in the iPhone’s evolution – September 24, 2013
Security researcher: Apple iPhone 5s Touch ID is truly better security – September 19, 2013
iPhone 5s Touch ID iPhone fingerprint scanner earns praise – September 19, 2013
Apple’s Touch ID is revolutionary, paradigm-altering technology; Steve Jobs would be quite proud – September 17, 2013
iPhone 5s: Once again Apple leaps ahead with Touch ID fingerprint recognition; a big enterprise win for Apple – September 10, 2013
Apple reveals flagship iPhone 5s with Touch ID, the world’s first and only 64-bit smartphone – September 10, 2013

24 Comments

      1. The thing is… Samsung doesn’t really move the interest needle in the media…

        Now if they were to pair this info with the fact that Samsung just released their S5… that would be huge…

        In fact… At some point, it’s about time Apple mentioned it in their release of the 6… or at their WWDC. When talking about their fingerprint scanner say, “We at Apple would hate for our valued customers to have their accounts compromised to thieves as they do with many of Samsung’s phones.”

        Can’t argue against “many” (millions), can’t argue against “compromised” (tested by a non-Apple owned entity), and worse yet Samsung phones (it’s obvious which Galaxy version they are talking about).

      1. They claimed it took the same amount of time because the mold used for the Scamsung hack was the same mold from the same hand as the one used for the iPhone spoof as well. They kept the mold and reused it for this one.

    1. If you read the real article these guys used the same mold that it took them hours to make for the iPhone… the same exact mold from the same hand they used to spoof the iPhone. BGR reported that this Samsung hack took minutes; however, it only ‘took minutes’ because they already created the mold they used a year ago when spoofing the iPhone’s fingerprint reader. Had that mold not already existed it would have taken the 20+ hours it did originally for the iPhone. The difference here is Apple was smart enough to build safeguards of a password; Samsung was not.

  1. Oh no, futter me gently! What shall I do, as all my worldly pelf is syphoned off by fake-fingered malefactors? Oh, nightmare! Gasp!

    Hey, wake up! My iPhone doesn’t run Andreck. Phew! just a bad dream. Ogh, there but for the grace of iOS go I.

    😉

  2. This is actually a great marketing tool AGAINST the S5… But if Apple made reference to this, it should not mention the S5… Just Samsung in general…

    Samsung can’t just come out and sue this information out of the media as they try to do in Korea.

  3. This is an outrage! Conspiracy!! Those responsible for those false claims and anyone vile enough to republish their lies will be sued for smearing our good reputation to the tune of a billion dollars per offense!

  4. Thing is, I remember reading about the supposed “hack” of Touch ID, and I never bought it. It was never satisfactorily explained how this fake print worked, given that Touch ID works via capacitance, not pressure, and so won’t mistake plastic for flesh. At the time, many people speculated the hack videos were a hoax, that the phone was actually reading the print of the operator through the plastic. So I don’t know what to think of this.

    ——RM

    1. I don’t think you understand how capacitive screens work mate. Not a knock on you, just stating that because it’s not just ‘flesh’ that capacities react to. For example if you have a water bottle (like a deer park bottle) for instance and it’s full of water; if you rub the bottle on your screen it will react as if your finger was touching it. Likewise they have capacitive styluses and also gloves that have capacitive reacting materials in them so you can use your phone while gloves are on. All that to say, there are materials that create the capacitive interference which capacitive screens measure and react to; it doesn’t have to be human flesh.

      1. Of course, but I saw no evidence the fake fingerprint was made out of any of those materials. My understanding is that the fake fingerprint is something akin to a rubber mold. I can’t see why that would register as a touch.

        ——RM

  5. I’ve always wondered about the supposed ‘hack’ of the iPhone scanner.

    the group says they got a 2400 dpi scan of a fingerprint to make the rubber fingerprint.
    A photo in a glossy magazine is reproduced only about 300 dpi. A 2400 dpi scan is very high resolution which means that very fine details are needed. (A 2 x 2 inch scan at 300 dpi is a third of a MB in size, a 2400 scan is 22 MB.)

    I doubt you would get enough detail from for example a smudgy glass print. (A 2400 scan of a smudge is still a smudge. You just get a high res smudge, all the fine lines are missing.)
    Did they actually place the real finger on a high res scanner to make the mould? In which case you need the real finger.

    I’m not an expert on fingerprint spoofing etc. so I’ve never posted my doubts above before but it’s been nagging me.
