It has been less than a week since the Samsung S5 handset went on sale, yet the fingerprint sensor has already been hacked. Talk about smart brains.
The good thing is that this hack was not illegal but was done by Security Research Labs (SRL), which duped the equipment using a mould it had previously created to fool the sensor on Apple’s iPhone 5S.
SRL created its hack by lifting a real fingerprint from a smartphone screen and then carrying out a fairly elaborate process to create a mould out of glue and graphite spray. This was then swiped across the sensor that sits in the phone’s home button.
The researchers said they were concerned that thieves could exploit the flaw in Samsung’s device to trigger money transfers done through PayPal.
PayPal seems less concerned with the security gap and said: “While we take the findings from Security Research Labs [SRL] very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards.”
PayPal added that even if users were hacked it would cover their losses. Samsung, on the other hand, had nothing to say.
SRL acknowledged that the fingerprint scanner made it simpler to access, but criticized the company for not requiring a second form of authentication, such as a PIN code.
However, PayPal said Galaxy S5 users should not be deterred from using the feature.
“The scan unlocks a secure cryptographic key that serves as a password replacement for the phone,” said the research body. “PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.”