The much-hyped fingerprint scanner on Samsung’s latest flagship handset the Galaxy S5 has already been hacked just days after the device was launched, although a teardown reveals a bill of materials in excess of $250 (£150) – higher than the iPhone 5S.
Researchers at Germany’s Security Research Labs (SRLabs) publicised their findings in a YouTube clip. According to the narrator: “the spoof was made under lab conditions but is based on nothing more than a camera phone photo of an unprocessed latent print on a smartphone screen.”
A PCB mold is then made from the photo, into which wood glue is smeared to make the dummy fingerprint.
The hack is concerning given that it grants access to “highly sensitive apps” such as PayPal, giving “a would-be attacker an even greater incentive to learn the simple skill of fingerprint spoofing”, the researchers said.
According to the researchers Samsung has executed the fingerprint authentication quite poorly and has failed to learn from the mistakes of other tech companies which have gone before it in trying to implement effective biometric authentication systems. Unlike the Apple device, the S5 currently does not require a password to authenticate after a certain number of incorrect attempts to swipe in. This means attackers can theoretically have as many goes as they like as long as they reboot the handset every so often.
This kind of oversight is surprising considering the amount of money Samsung has spent on building its latest star handset.
The fingerprint scanner is not broken out by cost although the market analyst claimed that the S5 has more sensors “than IHS has ever detected in a smartphone design”.
The post Samsung Galaxy S5’s fingerprint scanner fails to live up to security standards appeared first on Am I Hacker Proof.
View full post on Am I Hacker Proof