Samsung Galaxy S5 Fingerprint Sensor Hacked In One Week
The Engineer
We were all excited about the new Galaxy S5 and its innovative features, but some researchers decided to check just how secure the Galaxy S5 is, and the results are not very reassuring. Security Research Labs, which is based in Berlin, tested the fingerprint sensor that is, practically speaking, the main feature of the Galaxy S5. They succeeded in hacking the fingerprint sensor in under a week. The equipment they used was the same equipment they had created to test Apple’s iPhone 5S.
According to the research team, they carried out this test because they were concerned about how safe it is to use PayPal on this device. However, PayPal says: ‘While we take the findings from Security Research Labs [SRL] very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards.’ The firm added that in case of a hack, it would cover users’ losses. Samsung has not commented as of yet.
Here is how SRL managed to hack into the Galaxy S5: the research lab took an imprint of a fingerprint from the smartphone screen and then used an elaborate process to produce a mould made of glue and graphite spray. This mould was used to hack the device’s sensor and, surprisingly enough, it worked. Ben Schlabs, project manager, says: ‘The fingerprint mould was actually one I made for the Apple device back in September. All I had to do was take it out of the reject pile as it wasn’t one of the ones that ended up working on the iPhone 5S for whatever reason. It was the first one I tried and it worked immediately on the S5.’
Mr. Schlabs also pointed out another flaw in the Galaxy S5: it does not seem able to lock out thieves or hackers. According to Mr. Schlabs: ‘Samsung could have enforced a password [lock-out] after five failed swipe attempts. But the way it works is that if it fails five times and asks for a password, if you just turn the screen off and back on again you can have another try.’ Apple’s fingerprint sensor is only used for unlocking the phone or making purchases on iTunes. Samsung, however, has given third-party applications permission to use the sensor, and that is where the issue comes in. That being said, PayPal is still confident and was reported as saying: ‘The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.’
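The retry limit Mr. Schlabs describes can be modelled in a few lines, with the reported behaviour beside a variant that keeps the lock-out until the password is entered. This is an added example, not Samsung's or SRL's code; the class and function names are hypothetical, and only the five-attempt limit comes from the article.

```python
# Added illustration: a toy model of the retry limit, not Samsung's implementation.
MAX_FAILED_SWIPES = 5  # limit quoted in the article


class FingerprintLock:
    """reset_on_screen_cycle=True models the reported behaviour; False is the hardened form."""

    def __init__(self, enrolled, password, reset_on_screen_cycle):
        self.enrolled = enrolled
        self.password = password
        self.reset_on_screen_cycle = reset_on_screen_cycle
        self.failed = 0  # failed swipes since the last successful unlock

    def password_required(self):
        return self.failed >= MAX_FAILED_SWIPES

    def swipe(self, template):
        """Return True if the swipe unlocks the device."""
        if self.password_required():
            return False  # sensor is disabled until the password is entered
        if template == self.enrolled:
            self.failed = 0
            return True
        self.failed += 1
        return False

    def enter_password(self, attempt):
        if attempt == self.password:
            self.failed = 0  # only a correct password re-enables the sensor
            return True
        return False

    def screen_off_on(self):
        # Reported behaviour: the failure count is forgotten on a screen cycle.
        if self.reset_on_screen_cycle:
            self.failed = 0


def swipes_evaluated(lock, attempts):
    """Count non-matching swipes the sensor evaluates when the screen is cycled at each lock-out."""
    evaluated = 0
    for _ in range(attempts):
        if lock.password_required():
            lock.screen_off_on()
        if lock.password_required():
            break  # hardened form: nothing but the password helps now
        lock.swipe("constructed-non-matching-template")
        evaluated += 1
    return evaluated
```

With the counter kept across screen cycles, the number of sensor attempts between password entries is bounded at five, which is the enforcement the quote says was missing.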
Although it is said that one can easily wipe the data off the phone if it is stolen or lost, SRL argues that as the technology becomes more mainstream and more advanced hacking methods come into play, a more serious, long-term solution will be required. SRL says: ‘If you think into the future, once ATMs have fingerprint scanners and once heads of state start using fingerprint authentication, it’s going to become a lot more attractive. Our method is pretty rudimentary and has been around for at least a decade and it worked on a phone that was only released last week. Once people develop better or faster methods, or once there are fingerprint databases of images that get leaked, it’s definitely a concern.’
We hope that Samsung will pay heed to SRL’s warning and work to come up with a more secure phone.