CHINA TOPIX

04/16/2024 11:11:19 am


Samsung Galaxy S5 Vulnerable to Fingerprint Spoofing

First, it was Apple's iPhone 5S. Now, it's Samsung's new Galaxy S5. What do the world's top smartphones have in common?

It's an embarrassing flaw, one that allows anyone using a fake fingerprint of the smartphone's owner to trick the fingerprint lock into opening the phone. It's called "fingerprint spoofing."


Just create a fake rubber finger and then swipe the fingerprint off of the fingerprint sensor. Voila! You've got an open iPhone 5S or Galaxy S5.

The vulnerability of the Galaxy smartphone was demonstrated in dramatic fashion in a video produced by SR Security Research Labs GmbH, a German security research firm based in Berlin, and uploaded to YouTube.

Security Research Labs penetrated the Galaxy S5's fingerprint sensor only four days after the smartphone hit worldwide markets. The same laboratory last September used the same fingerprint spoofing ploy to deceive Apple's iPhone 5S into opening.

The company said it used a photo of a fingerprint taken by a camera phone to create a "fake finger" from a mold. Using the fake finger, the company was able to access the Samsung S5's home screen and then send money via a PayPal app, which also requires fingerprint authentication.

Security Research Labs said that Samsung seemed not to have learned from the mistakes of other manufacturers. It added that fingerprint authentication is very vulnerable to unauthorized access, and that with PayPal apps and other financial applications employing fingerprint access, hackers now have more incentive to develop their fingerprint spoofing skills.

Security Research Labs said other devices with touch and swipe sensors are equally vulnerable to fingerprint spoofing. The firm also showed a video of how it successfully unlocked a laptop, a Fujitsu smartphone, and an iPhone 5S using the fingerprint photo it took with an iPhone 4S.

SR Security Research Labs concludes that fingerprints are not fit for secure device locking. It noted that using fingerprints for local user authentication has two shortcomings when compared to passwords: once a fingerprint is stolen, there is no way to change it, and users leave copies of their fingerprints everywhere.

"Fingerprints are not fit for secure local user authentication as long as spoofs ('fake fingers') can be produced from these pervasive copies," said the lab.
