Samsung did not learn from Apple's mistake. The result: the fingerprint scanner in its flagship phone, the Galaxy S5, is as insecure and poorly implemented as the one in the iPhone 5S, which debuted last year. SRLabs, a German security firm that hacked the fingerprint scanner in the iPhone 5S last year by spoofing a fingerprint, has shown that the same method can be used to bypass fingerprint authentication on the Galaxy S5.
SRLabs posted a video showing that a Galaxy S5 using fingerprint authentication can be easily broken using a mould that carries the fingerprint impression of the phone's user. The firm said that creating the mould doesn’t require much effort.
“Despite being one of the flagship features of Galaxy S5, Samsung’s implementation of fingerprint authentication leaves much to be desired,” the firm said. “Perhaps most concerning is that Samsung does not seem to have learned from what others have done poorly.”
SRLabs says that the implementation of the fingerprint scanner in the Galaxy S5 is even shoddier than what was found in the iPhone 5S. Apple requires a password after every reboot before users can unlock their iPhone 5S with the fingerprint scanner. It also requires a password after a certain number of failed attempts with the fingerprint scanner.
But in the case of the Galaxy S5, users can make any number of attempts to unlock the device with the fingerprint scanner. Also, a reboot doesn’t lock the fingerprint scanning feature.
In its video, SRLabs highlights that, using the Galaxy S5 fingerprint hack, an attacker can enter the PayPal app on the phone and steal money with ease.
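The two fallback rules compared above (a passcode after reboot, and a passcode after repeated fingerprint failures) can be modelled as a small lock-screen state machine. This is an added example, not code from SRLabs, Samsung or Apple; the class, method and parameter names are hypothetical, and the limit of 5 failed attempts is an assumed value, since the article only says "a certain number".

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class BiometricGate:
    """Hypothetical model of a lock screen that accepts a fingerprint or a passcode."""
    max_failed: Optional[int]       # None = unlimited fingerprint attempts
    passcode_after_reboot: bool     # True = fingerprint disabled until a passcode is entered
    failed: int = 0
    passcode_required: bool = False

    def reboot(self) -> None:
        self.failed = 0
        self.passcode_required = self.passcode_after_reboot

    def try_fingerprint(self, matches: bool) -> str:
        if self.passcode_required:
            return "passcode_required"  # the sensor result is not considered at all
        if matches:
            self.failed = 0
            return "unlocked"
        self.failed += 1
        if self.max_failed is not None and self.failed >= self.max_failed:
            self.passcode_required = True  # fall back to the stronger factor
        return "rejected"

    def enter_passcode(self, correct: bool) -> str:
        if not correct:
            return "rejected"
        self.failed = 0
        self.passcode_required = False
        return "unlocked"


def fingerprint_tries_allowed(gate: BiometricGate, tries: int) -> int:
    """Count how many non-matching presentations the sensor evaluates out of `tries`."""
    return sum(gate.try_fingerprint(False) == "rejected" for _ in range(tries))


# Policy the article attributes to the iPhone 5S (the limit of 5 is an assumed value).
limited = BiometricGate(max_failed=5, passcode_after_reboot=True)
# Policy the article attributes to the Galaxy S5: no attempt limit, no reboot lock.
unlimited = BiometricGate(max_failed=None, passcode_after_reboot=False)
```

With the limited policy the sensor stops evaluating presentations once the threshold is reached, so the number of tries available without the passcode is bounded; with the unlimited policy it is not.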
In its post about the fingerprint scanner in the iPhone 5S, SRLabs wrote that the technology had a long way to go before it could be considered safe. “Users leave copies of their fingerprints everywhere; including on the devices they protect. Fingerprints are not fit for secure local user authentication as long as spoofs (fake fingers) can be produced from these pervasive copies,” said the firm.