One of the selling point of the newly released Samsung Galaxy S5 is the Finger Print Scanner feature added. It took just four(4) days after the release for German Security Research Labs (SR Labs) to discover exploits in the Galaxy S5 finger print sensor with a latent print and a bit of wood glue spoof.
“The spoof in question was made under lab conditions but is based on nothing more than a camera phone photo of an un-processed latent print on a smartphone screen,” according to SRLabs.
Following in the footstep of Apple, Motorola, Fujitsu, Samsung embedded a fingerprint sensor in the Home button of the just released Galaxy S5. In a Youtube Clip, SR Labs revealed how flaws in the implementation of fingerprint authentication could expose users data and bank details to attackers and thieves on the Galaxy S5.
Similarly, SR Labs showed vulnerabilities within fingerprint security system last year using the iPhone 5s and its Touch ID feature. This week, they tried again with the Samsung Galaxy S5 smartphone using a mold of latent print and accessed it without issue. As the clip suggests, it could cause serious problems if Scammers proceed to paypal, which also supports finger print authentication on the Galaxy S5.
Another alarming problem is that unlike the iPhone 5S, authentication attempt on the Galaxy S5 is unlimited (no password needed after a certain amount of incorrect attempts) as such any attackers can try as many times as they choose.
SR Labs points fingers at Samsung from not learning from the mistakes of others as the iPhone 5S was hack exactly after Two (2) days it was released last September by German Chaos Computer Club using a latex copy of a fingerprint.
A Video Showing How The Hack Works is embedded Below:
In response to SRLabs’ findings, PayPal issued the following statement:
“While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards. PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.”
This news is unlikely to affect the sales of the Samsung Galaxy S5 which was released in Nigeria and over 120 countries. Samsung Galaxy S5 can be bought Online On Jumia, Konga and Samsung Shops Nationwide.
