Samsung's Fingerprint Sensor Lock Already Broken
Published on: 16th Apr 2014
Note -- this news article is more than a year old.
A security firm claims to have hacked the fingerprint sensor supplied in the Samsung Galaxy S5, which puts the sensor's application as a payment authorisation service in jeopardy.
Germany-based Security Research Labs used the same method as they previously used to bypass the fingerprint security on Apple's iPhone 5s -- a mould.
Paypal has developed a method of using Samung's fingerprint sensor to authorise payments, but downplayed the impact of the security firm's research.
"While we take the findings from Security Research Labs [SRL] very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards," PayPal said.
The payment processor added that it covers losses if customers are affected by fraud.
The hack is based on taking a copy of a user's fingerprint from the smartphone's screen, then created a mould of that and using the fake fingerprint to fool the scanner.
The other concern added by the researchers is that while the phone locks up after five failed fingerprint scans, all the thief has to do is switch the phone off and on again to reset the counter before the handset locks back to zero.
Samsung has not commented on the reports.