Researchers crack Galaxy S5 fingerprint reader and access PayPal app

Security researchers from SR Labs have cracked the Samsung Galaxy S5's fingerprint reader, gaining access to the handset and using it to make PayPal transactions.

  5 Be the first to comment

Researchers crack Galaxy S5 fingerprint reader and access PayPal app

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Repeating a trick it pulled on the Apple 5s last year, SR Labs used a camera phone image of a latent print taken from a handset screen to create a mould from wood glue which could fool the S5's scanner.

Once inside the phone, the researchers also managed to use the same technique to access the PayPal app - which uses the fingerprint scanner instead of passwords to authenticate users - and wire money from an account.



SR Labs admits that the spoof was made under lab conditions but says that it should still worry Samsung and its customers, particularly because the handset allows would-be crooks to have as as many attempted swipes as necessary.

However, PayPal has played down the threat, issuing a statement saying: "PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one."

Sponsored [On-Demand Webinar] Solving the KYC challenge with end-to-end processes

Comments: (0)

[Webinar] Reaping the benefits of Hyper-Personalisation with AI and Application ModernisationFinextra Promoted[Webinar] Reaping the benefits of Hyper-Personalisation with AI and Application Modernisation