Samsung Galaxy S5 fingerprint sensor easily bypassed (video)

by Mark Tyson on 16 April 2014, 13:00

Tags: Samsung (005935.KS), PC

Quick Link: HEXUS.net/qacden

Add to My Vault: x

Just like the iPhone 5S Touch ID fingerprint scanner was hacked not long after the smartphone's release, security researchers have demonstrated the vulnerability of Samsung Galaxy S5's fingerprint sensor authentication. A YouTube video has been published showing the bypass of Samsung's biometric security measure using a fake fingerprint made from wood glue. It seems like Samsung has learnt nothing from Apple's pratfall.

The video, by German-based Security Research Labs (SRLabs), reveals the mould of a fingerprint used to fool the S5's fingerprint sensor into unlocking the phone. The mould is made from a smartphone camera photo of a fingerprint left on a phone's shiny glass screen.

"Not only is it possible to spoof the fingerprint authentication, even after the device has been turned off, but the implementation also allows for seemingly unlimited authentication attempts without ever requiring a password," says an SRLabs researcher in the video.

Worryingly, owners of the latest Galaxy smartphone can also use their fingerprints to authenticate with PayPal and other apps. However, according to PayPal's head of ecosystem security, Brett McDowell, in an interview with the WSJ, the sensor deception is "not something you can do on any number of devices." McDowell added "This is not like a massive phishing scam where you can get million of passwords quickly. This is limited to one device, one victim at a time."

Galaxy S5 to outsell S4, according to Samsung executives

Despite some flaws in the device (such as that mentioned above), the South Korean mobile giant still believes that the Galaxy S5 should outsell its predecessor. This challenges previous third party predictions that Samsung's latest flagship will struggle in a tough market for high-end handsets.

Pricing for the Galaxy S5, which rolled out worldwide last week, was made more attractive with the inclusion of a gift pack "worth $600". Samsung also more than doubled the number of initial launch countries to 125 in its effort to maintain growth momentum in the mobile business that generates 70 per cent of its total profits.

"(The S5) is selling faster than the S4 so far, though it's difficult to share specific numbers as we're still at early stages," Yoon Han-kil, senior vice president of Samsung's product strategy team, told Reuters in an interview. "S5 sales should be much better than the S4."

Tizen phone to debut in Q2

In the aforementioned interview, Yoon also mentioned that Samsung is currently working to introduce at least two smartphones running on its own Tizen operating system.

The firm has long planned to build its own ecosystem to reduce reliance on Google's Android OS and its first Tizen phone is said to be launching around the end of the second quarter this year. It is said be a high-end model whilst the subsequent second Tizen device would be aimed at the middle of the market to drive volume growth.

Lastly, for those who just want to see some violent flagship smartphone action, this is your lucky day. Check out the video below showing the Galaxy S5 in a slow-mo .50 calibre destruction 'test'.



HEXUS Forums :: 3 Comments

Login with Forum Account

Don't have an account? Register today!
.50 Cal's slow mo shot on S5 is pure art.
Releasing a ‘flagship’ phone in this day and age that can't withstand a .50 calibre round is just unacceptable.
A YouTube video has been published showing the bypass of Samsung's biometric security measure using a fake fingerprint made from wood glue. It seems like Samsung has learnt nothing from Apple's pratfall.
Apparently not - that's what happens when you let the marketing departments have an input into designing your product.
However, according to PayPal's head of ecosystem security, Brett McDowell, in an interview with the WSJ, the sensor deception is “not something you can do on any number of devices.” McDowell added “This is not like a massive phishing scam where you can get million of passwords quickly. This is limited to one device, one victim at a time.”
What a dead hick! If I'm reading the situation correctly, some miscreant can still steal your phone, clone that fingerprint and then perhaps go on a PayPal spending spree (I'm assuming that this kind of lax attitude of PayPal's means that it also doesn't auto lock - I refuse to use PayPal on my phone so I'm guessing here).

Then again, I'd always prefer passcode to fingerprint swipe for security.