Samsung Galaxy S5 fingerprint login is tricked by security researchers from SRLabs in Germany. The vulnerability is similar to that existed on Apple iPhone 5s and its Touch ID feature.
Fingerprint authentication created a stir in the market when Samsung started boasting about its rather intriguing feature. However, barely a few days after Samsung Galaxy S5’s release in the market, German hackers have figured a way out to trick its security system into accepting a mold of finger print rather than a real finger.
Samsung, apparently is following Apple’s footsteps; last year, Apple’s authentication system was thwarted by creating a latex copy of someone’s fingerprint. Both the phones could be easily unlocked using glue. A team at the Berlin-based Security Research Labs had unveiled a method for the same last year. Pink latex milk or white wood glue is smeared into the pattern. A silver of latex is formed on the sheet which when blown on the phone’s screen gives an impression quite similar to that of a human finger.
Latent prints as reported by the Explore Forensics Website “can be visualized using magnesium powder, which is gently brushed over hard and shiny surfaces in order to illuminate them”. The touch ID was hacked by Chaos Computer Club (CCC) last year.
The problem was equally grave when Apple’s iPhone S5 vulnerability was exposed. However, what aggravates the situation for Samsung is its integration with PayPal which allows users to make transactions and access money using fingerprint technique. The startling revelation regarding Samsung Galaxy S5 hasn’t only put its users at grave risk but has also severely dented its credibility.
However, PayPal has a different thing to say. “PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one.” So apparently, it’s not the fingerprint that will create the trap but the service instead. It also says that it’s easy to block any unwanted payments, since the fingerprint isn’t linked to your account.
Using fingerprints instead of passwords has always been much of a hassle. Once a fingerprint gets stolen there is no way to replace it. Secondly, there is always a possibility of the user leaving traces of his fingerprints everywhere, which again makes him susceptible to risk.
As we all know that Galaxy S5, Samsung’s latest and greatest comes with a 5.1-inch Super AMOLED Full HD display with a screen resolution of 1920 x 1080, IP67 water and dust resistance rating that provides up to 30 minutes in 3.3 feet or 1 meter of water, a 16MP camera utilizing Samsung’s own new ISOCELL camera technology that matches the camera quality of DSLR cameras, a 0.3-second Fast Autofocus feature that provides a selective focus feature, and features a home-embedded fingerprint scanner as well as a heart rate monitor just below the 16MP back camera on the device.
Breaking into a phone by hacking the fingerprint can surely be complex and tedious. It might have injected a sense of paranoia and fear in the users, but it might not be that easy to get browbeat hacking into a living reality.