Samsung Galaxy S5 fingerprint scanner hacked using a “dummy finger” | Latest Tech News, Vid eo & Photo Reviews at BGR India

“By spoofing the scanner, one can also get access to the user’s PayPal account. As the account is configured to accept the fingerprint authentication, one will be able to make any payments via the app”

http://www.bgr.in/manufacturers/samsung/samsung-galaxy-s5-fingerprint-scanner-hacked-using-a-dummy-finger/

Samsung Galaxy S5 fingerprint scanner hacked using a “dummy finger”

Wednesday April 16, 2014, 11:08 AM

samsung-galaxy-s5-fingerprint-scannerIt has barely been a week since the Samsung Galaxy S5 hit stores in more than 125 countries, and already one of its newest features is under the scanner. The flagship device’s fingerprint scanner has been hacked, which invariably also puts a user’s PayPal account at risk.

German security blog H Security has found a way to spoof the fingerprint scanner using a lifted print. So essentially, by picking up the print from the scanner, the group was able to make a dummy finger and use it unlock the device. They have put up a video (embedded below) to show the entire process.

If you remember, last year a German hacking group CCC used the same method to fool the fingerprint scanner on the iPhone 5S. The only one, yet potentially dangerous difference between the two devices is that after rebooting the device, the iPhone 5S needs one to enter the passcode once before giving access to the device. Samsung, on the other hand, doesn’t ask for any such thing and right away gives access to the device.

By spoofing the scanner, one can also get access to the user’s PayPal account. As the account is configured to accept the fingerprint authentication, one will be able to make any payments via the app.

A PayPal spokesperson contacted our colleagues at BGR Classic via email with the following statement:

While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards. PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.

<a href=”

Previous Next

Advertisements

About Ganesh Srinivasan Consulting

Management Consultant from India with International Solutions Selling, Projects Implementation, Joint Venture, Collaboration and Procurement experience Building a Global Team of Consultants and Niche Products and Services

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: