Samsung S5 Biometric Fingerprint Reader Hacked

April 17, 2024         By: Kevin Xu

Are biometric payments ready for primetime?

Samsung’s flagship Galaxy S5 smartphone features a fingerprint scanner, a much-advertised feature meant to put it on the same playing field as other smartphone manufacturers (namely Apple).

Used in conjunction with the PayPal mobile app when configured for fingerprint authentication, it allows for quick one-touch mobile payments.

However, the folks at SRLabs have cracked the fingerprint scanner, proving once again that nothing is absolutely secure.

Using a “camera phone photo of an unprocessed latent print on a smartphone screen,” SRLabs created a mold of the print and used it to unlock the phone and even access the PayPal app.

This means that if the phone gets lost, a thief using rudimentary techniques could potentially gain access to the user’s PayPal funds and other sensitive data.

Apple’s iPhone 5s, equipped with its own fingerprint reader, is susceptible to the same security vulnerability, but it adds a layer of protection by requiring a passkey to be entered to gain access.

It could be that the Samsung engineers weighed usability against stringent security and went with ease of use.

It seems a quick patch to require a password or PIN code before unlocking the phone would mitigate many of these concerns.

With the Heartbleed encryption flaw, the Target breach, and devices touted for their security features being hacked, consumers have every right to be wary when it comes to protecting themselves in the digital age.

A demonstration of the vulnerability can be seen here: