Samsung Galaxy S5 Fingerprint Sensor Security Already Hacked And Compromised
It appears that smartphone makers have been watching too many spy flicks, hence the sudden fascination with fingerprint scanning as a security measure. While that may seem like a fine and dandy idea on paper -- and in Hollywood -- the truth is, the biometric technology that's available for consumer handsets just isn't secure. This was again demonstrated on the Internet -- like Apple's iPhone 5S phone, the fingerprint scanner on Samsung's Galaxy S5 is susceptible to fingerprint spoofing.
Never heard of the term? As long as handset makers insist on implementing hackable fingerprint scanners, it's a term you're going to hear over and over again. One way to do this is by taking a photo of a fingerprint using a smartphone camera and then using it to create a mold. Security Research Labs (SRLabs), a security research and consulting firm based in Berlin, demonstrated this in a YouTube video.
The firm created a spoofed fingerprint on a sheet made out of a wood-glue mold. Using the mold, the firm was able to swipe into the Galaxy S5 with ease, just as was demonstrated on Apple's iPhone 5S last year. However, the Galaxy S5 is actually less secure than the iPhone 5S.
Whereas the iPhone 5S also requires users to enter a passcode in certain situations, Galaxy S5 owners need only swipe. For example, if you've linked your PayPal account to the Galaxy S5, a motivated hacker could swipe his way into your account. Even worse, the Galaxy S5 doesn't ask for a password after multiple failed swipe attempts, which means a thief can hone his fingerprint mold until he gets it right.
"Despite being one of the premium phone's flagship features, Samsung's implementation of fingerprint authentication leaves much to be desired," SRLabs notes in its YouTube video. "The finger scanner feature in Samsung's Galaxy S5 raises additional security concerns to those already voiced about comparable implementations."
To be fair, not every would-be thief is going to go through the trouble of lifting a fingerprint. On top of that, if your phone is stolen, one of the first things you should do is lock down any linked accounts, which means a thief would only have a limited amount of time to spoof your fingerprint, gain access to your accounts, and wreak havoc.
Still, fingerprint spoofing is surprisingly simple, so it's something to be aware of.
Never heard of the term? As long as handset makers insist on implementing hackable fingerprint scanners, it's a term you're going to hear over and over again. One way to do this is by taking a photo of a fingerprint using a smartphone camera and then using it to create a mold. Security Research Labs (SRLabs), a security research and consulting firm based in Berlin, demonstrated this in a YouTube video.
The firm created a spoofed fingerprint on a sheet made out of a wood-glue mold. Using the mold, the firm was able to swipe into the Galaxy S5 with ease, just as was demonstrated on Apple's iPhone 5S last year. However, the Galaxy S5 is actually less secure than the iPhone 5S.
Whereas the iPhone 5S also requires users to enter a passcode in certain situations, Galaxy S5 owners need only swipe. For example, if you've linked your PayPal account to the Galaxy S5, a motivated hacker could swipe his way into your account. Even worse, the Galaxy S5 doesn't ask for a password after multiple failed swipe attempts, which means a thief can hone his fingerprint mold until he gets it right.
"Despite being one of the premium phone's flagship features, Samsung's implementation of fingerprint authentication leaves much to be desired," SRLabs notes in its YouTube video. "The finger scanner feature in Samsung's Galaxy S5 raises additional security concerns to those already voiced about comparable implementations."
To be fair, not every would-be thief is going to go through the trouble of lifting a fingerprint. On top of that, if your phone is stolen, one of the first things you should do is lock down any linked accounts, which means a thief would only have a limited amount of time to spoof your fingerprint, gain access to your accounts, and wreak havoc.
Still, fingerprint spoofing is surprisingly simple, so it's something to be aware of.
