Close Menu
Technotification
    Facebook X (Twitter) Instagram
    Facebook X (Twitter) Instagram
    Technotification
    • Home
    • News
    • How To
    • Explained
    • Facts
    • Lists
    • Programming
    • Security
    • Gaming
    Technotification
    Home › Security › Galaxy S5 fingerprint scanner hacked with glue mould!

    Galaxy S5 fingerprint scanner hacked with glue mould!

    By Vikram Singh RaoJune 7, 2017
    Facebook Twitter Reddit LinkedIn
    Galaxy S5 fingerprint scanner



    The researchers fooled the new handset using a mould made out of glue!

    The fingerprint sensor on Samsung’s Galaxy S5 handset has been hacked less than a week after the device went on sale. Berlin-based Security Research Labs fooled the equipment using a mould it had previously created to spoof the sensor on Apple’s iPhone 5S.  The researchers said they were concerned that thieves could exploit the flaw in Samsung’s device to trigger money transfers via PayPal.
    The payments firm played down the risk.

    “While we take the findings from Security Research Labs [SRL] very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards,” it said.

    It added that even if users were hacked it would cover their losses. A spokesman for Samsung was unable to comment.
    SRL created its hack by lifting a real fingerprint from a smartphone screen and then carrying out a fairly elaborate process to create a mould out of glue and graphite spray. This was then swiped across the sensor that sits in the phone’s home button.

    Apple’s iPhone 5S is also vulnerable to spoofed fingerprints!

    “The fingerprint mould was actually one I made for the Apple device back in September,” project manager Ben Schlabs told the BBC.

    “All I had to do was take it out of the reject pile as it wasn’t one of the ones that ended up working on the iPhone 5S for whatever reason.”

    “It was the first one I tried and it worked immediately on the S5.”
    Although the fake fingerprint proved easy to use, Mr Schlabs added that he was concerned that Samsung’s software would not lock out thieves who had less luck, allowing them to make repeated attempts.

    “But the way it works is that if it fails five times and asks for a password, if you just turn the screen off and back on again you can have another try.”
    This is not true of the iPhone 5S.

    Reveal transactions:

    While Apple currently limits its fingerprint scanner to unlocking the iPhone and verifying purchases in its own online store, Samsung has allowed its sensor to be used by third-party apps that add its Pass API (application program interface) to their code. The researchers were able to use the mould to access PayPal’s app. PayPal’s mobile app is the first to take advantage of this. The software can be used to send and request money and reveal past transactions. SRL acknowledged that the fingerprint scanner made it simpler to access, but criticised the company for not requiring a second form of authentication, such as a Pin code.
    However, PayPal said Galaxy S5 users should not be deterred from using the feature.

    “The scan unlocks a secure cryptographic key that serves as a password replacement for the phone,” it said.
    “We can simply deactivate the key from a lost or stolen device, and you can create a new one.“

    PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.

    Rory Cellan-Jones tests out the Samsung S5:

    Tech blog Engadget agreed that users should not be too concerned.
    “The odds are low that a street thief will get past your phone’s defences, or that a talented hacker will get in before you’ve had a chance to remotely wipe your content,” it reported.
    But Mr Schlabs said that did not mean the risk of fingerprint hacks could be ignored.
    “If you think into the future, once ATMs have fingerprint scanners and once heads of state start using fingerprint authentication it’s going to become a lot more attractive,” he said.
    “Our method is pretty rudimentary and has been around for at least a decade and it worked on a phone that was only released last week.“
    “Once people develop better or faster methods, or once there are fingerprint databases of images that get leaked, it’s definitely a concern.”

    Share. Facebook Twitter LinkedIn Tumblr Reddit Telegram WhatsApp
    Vikram Singh Rao
    • Website
    • Facebook
    • X (Twitter)
    • LinkedIn

    I am an entrepreneur at heart who has made his hobby turned a passion, his profession now.

    Related Posts

    NVIDIA GeForce NOW is Finally Coming to India

    January 8, 2025

    The Psychology of a Phishing Email: How Scammers Play with Your Mind

    July 16, 2024

    9 Essential Elements of a Strong Cyber Security Management System

    July 3, 2024

    Common Cyber Attacks and How to Prevent Them

    July 3, 2024

    How Cyber Security Paid Training Prepares You for Real-World Threats

    June 13, 2024

    The Role of Security in Server Colocation Environments

    March 12, 2024
    Lists You May Like

    10 Sites to Watch Free Korean Drama [2025 Edition]

    January 2, 2025

    The Pirate Bay Proxy List in 2025 [Updated List]

    January 2, 2025

    10 Best RARBG Alternative Sites in April 2025 [Working Links]

    April 1, 2025

    10 Best Torrent Search Engine Sites (2025 Edition)

    February 12, 2025

    10 Best GTA V Roleplay Servers in 2025 (Updated List)

    January 6, 2025

    5 Best Torrent Sites for Software in 2025

    January 2, 2025

    1337x Alternatives, Proxies, and Mirror Sites in 2025

    January 2, 2025

    10 Best Torrent Sites for eBooks in 2025 [Working]

    January 2, 2025

    10 Best Anime Torrent Sites in 2025 [Working Sites]

    January 6, 2025

    Top Free Photo Editing Software For PC in 2025

    January 2, 2025
    Pages
    • About
    • Contact
    • Privacy
    • Careers
    Privacy

    Information such as the type of browser being used, its operating system, and your IP address is gathered in order to enhance your online experience.

    © 2013 - 2025 Technotification | All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.