Samsung Galaxy S5 Fingerprint Scanner Hacked [Video]

Samsung Galaxy S5 Fingerprint Scanner Hacked [Video]

Posted by · 13756 views · Translate
A new video from SRLabs demonstrates a hack of the Samsung Galaxy S5 fingerprint scanner and details how flaws in the implementation expose users' devices, data, and even bank accounts to thieves or other attackers.

Apple's Touch ID can also be circumvented by using a fake finger; however, Apple has built-in several safeguards to make exploitation more difficult.

"Perhaps most concerning is that Samsung does not seem to have learned from what others have done less poorly. Not only is it possible to spoof the fingerprint authentication even after the device has been turned off, but the implementation allows for seemingly unlimited authentication attempts without ever requiring a password. Incorporation of fingerprint authentication into highly sensitive apps such as Paypal gives a would be attacker an even greater incentive to learn the simple skill of fingerprint spoofing."

The attacker in the video is able to use Paypal's new app to perform any task he wishes including making purchases and unsolicited money transfers from the users Paypal account.

Paypal has responded to the video with the following statement:

---
While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards. PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.
---

Take a look at the video below...

Read More [via BGR]


AaronL - April 17, 2014 at 11:46am
To be honest, only a clever career criminal is going to be capable of something like that. Not a petty thief with average intelligence. I watched the Apple one and was quite an eye opener. Clearly good old fashion ways over convenience gets in the way. There's always someone spoiling things.
CHEESE!! - April 17, 2014 at 11:26am
I WANT CHOCOLATE MILK !! -Cheese
iPhone Doctor - April 17, 2014 at 8:31am
This is typical for Samsung Android the insecure system and the perfect paradise for hackers,that's the reason why I don't have a device with android!.
iPhone Doctor - April 17, 2014 at 8:29am
This is typical for Samsung Android the insecure system and the perfect paradise for hackers,that's the reason why I don't have a device with android!.
johno - April 16, 2014 at 8:10pm
You do realize that apple's touchid was passed the exact same way you cant win as long as people try. watch this video http://www.iclarified.com/34059/hackers-circumvent-apples-touch-id-fingerprint-sensor-using-a-printed-finger-video I'm just saying
25 More Comments
Recent