[video=youtube;sfhLZZWBn5Q]https://www.youtube.com/watch?v=sfhLZZWBn5Q[/video]
Unfortunately, sometimes cool new tech opens up the possibility of "not-so-cool" security vulnerabilities. The newest example of this is the Fingerprint Scanner on the Samsung Galaxy S5. Apparently it has already been hacked, which now leaves PayPal accounts at risk until the security bug can be rectified.
The hack in question is a "physical hack" and would require a would-be thief to have a copy of your existing fingerprints, which doesn't make it all that easy to exploit. Despite this, it is something that Samsung needs to address. Here's a quote with the details on how the hack works:
As noted by German-language security blog H Security, SRLabs has posted video evidence that the fingerprint scanner on Samsung’s Galaxy S5 can easily be spoofed using a lifted print. In mere minutes, the group was able to create a “dummy finger” using an actual fingerprint to gain unauthorized access to the phone.
To be clear, this is the same fingerprint exploit that was found on the Apple iPhone 5S, but there is a difference that makes it more dangerous on the Galaxy S5. With Apple’s Touch ID system, you are required to input your password once before using a fingerprint for authentication, and it must be entered again each time the device is rebooted. Unfortunately, with Samsung's implementation, no password is needed. Here's another quote describing the problem:
Even after a reboot, a simple swipe of a finger will unlock the phone. And what could be much more alarming is the fact that, even after a reboot, users don’t need a password to access PayPal and make payments through the app if it has been configured for fingerprint authentication.
Check out the video above for a demonstration of the issue.
Source: BGR