Just three days after the launch of the Galaxy S5, it has been discovered the device’s fingerprint scanner suffers from the same issues that have plagued earlier implementations by Apple and others. A security research firm from Germany called SRLabs has successfully hacked the fingerprint sensor on the Galaxy S5 using a similar method that was used to spoof the Touch ID sensor on the iPhone 5S. First, the team took a photo of a latent fingerprint using a iPhone 4S and then processed it into a wood-glue mold. The mold is then used to bypass the fingerprint authentication mechanism of the Galaxy S5 successfully.
What is disturbing about this mechanism is that SRLabs used the same mold that they used to hack the Touch ID sensor. Even more disturbing is the fact that after logging into the device, the fingerprint hack allows hackers to authenticate digital payments via PayPal without ever having to enter a password. If a hacker does not successfully authenticate a fingerprint in the first attempt, he gets multiple tries to scan the fingerprint, after which he would be able to transfer money from a user’s linked bank account. The additional functionality offered by the finger scanner makes it convenient to authenticate digital purchases, but is susceptible to hacking.
Watch the team from SRLabs successfully hack the Galaxy S5 fingerprint sensor below: