Security team finds Samsung Galaxy S 5 fingerprint scanner susceptible to molds

[Guest Jeff Causey]

 

A new report from SRLabs indicates the new Samsung Galaxy S 5 fingerprint scanner is similar to other devices on the market in being open to attacks using molds of fingerprints. Similar to the iPhone 5S and other commercial grade fingerprint scanners, malicious individuals can make a mold of a fingerprint that is sufficient to unlock a Galaxy S 5. In the case of the latest Samsung smartphone to hit the market, Samsung does not require any additional password or PIN to be used in conjunction with the fingerprint to unlock the device or to take advantage of PayPal’s integration with the fingerprint scanner.

 

SRLabs noted in their examination and testing of the Galaxy S 5 that after a reboot, the smartphone does not require any password to be unlocked with a simple swipe of the finger sufficient. For comparison, Apple’s iPhone 5S does require a password the first time a user tries to unlock the device using a fingerprint after a reboot.

 

SRLabs also noted that PayPal does not require a password to make payments if the app has been configured for fingerprint authentication. Basically, once one makes a copy of a fingerprint, they are in. PayPal has responded indicating that their service does not use the actual fingerprint for authentication. Instead, the fingerprint merely unlocks a crytographic key that is used in place of a password, so a user could request deactivation of that key if their device were lost or stolen. PayPal also thinks their fraud tools would help prevent unauthorized use.

 

If you have setup the fingerprint scanner on the Galaxy S 5, does this report make you want to reconsider continued use?

 

Click here to view the embedded video.

 

 

source:

Heise Security

via: BGR

 

 

Come comment on this article: Security team finds Samsung Galaxy S 5 fingerprint scanner susceptible to molds

Visit

TalkAndroid for Android news, Android guides, and much more!

 

 

News via TalkAndroid